Beastmode Botnet Follows in Mirai's Footsteps
Spin-offs of the Mirai Botnet continue to be a worldwide threat. These malware families infect a wide range of Internet-connected devices, and then harvest their network capabilities to execute distributed-denial-of-service (DDoS) attacks or engage in other botnet operations. One of the latest variants of Mirai is dubbed the Beastmode Botnet, and it appears to target one specific manufacturer of routers – TOTOLINK. Allegedly, the criminals are exploiting a list of vulnerabilities, which are present in outdated firmware of TOTOLINK routers. Users who have made sure to keep their device's firmware up-to-date have nothing to worry about.
Although some Mirai variants engage in ad-fraud and similar tactics, the Beastmode Botnet focuses entirely on DDoS attacks. Just like other botnets, the creators of this one are also using pre-defined bruteforce parameters to discover vulnerable TOTOLINK devices. Thanks to the wide range of vulnerabilities, the criminals were able to exploit thousands of devices in a short amount of time.
The first infections of the Beastmode Botnet date back to the end of February. Although the majority of infected devices were TOTOLINK routers, the criminals also infiltrated several discontinued D-LINK routers as well. It is also possible that they might be planning to target other devices and manufacturers too.
Threats like the Beastmode Botnet are a good reminder why users should always make sure to keep all of their Internet-facing devices up-to-date. This includes computers, routers, and all sorts of smart devices. The latter has become the primary target of cybercriminals.