Vulnerability Management, IoT, Network Security
TBK DVRs targeted by updated Mirai botnet

BleepingComputer reports that TBK Vision DVR-4104 and DVR-4216 digital video recording devices vulnerable to a command injection flaw, tracked as CVE-2024-3721, have been targeted by a novel Mirai botnet malware variant.
The attacks, which have mostly breached TBK Vision DVRs in China, India, Egypt, Ukraine, and Russia, used a proof-of-concept exploit by security researcher "netsecfish" to deploy an ARM32 malware binary that enlists targeted devices in the botnet for subsequent distributed denial-of-service attacks and other illicit activities, according to an analysis from Kaspersky. Almost 50,000 TBK DVRs, which are usually repackaged under other brands including Night OWL, Securus, CeNova, Novo, and QSee, continue to be at risk of compromise through the exploit, down from the 114,000 online DVRs discovered by netsecfish last year. Despite active exploitation, TBK has yet to confirm whether it has issued patches to remediate the security issue.