Dark Mirai Botnet Targets TP-LINK TL-WR840N Routers


The Dark Mirai Botnet is one of the many variations of the Mirai Botnet, which has been a threat to IoT devices for the past five years. While the original project has been dead for a long time, the publicly available source code continues to be used by malware operators. The Dark Mirai Botnet is just one of many projects doing this.

This botnet specializes in distributed denial-of-service (DDoS) attacks, and it has recently added a new exploit to its collection of attack techniques. The vulnerability affects the TL-WR840N EU V5, a TP-LINK router released in 2017. It is already patched in the latest firmware update for the hardware but, unfortunately, many users are still running an outdated version.

The vulnerability, tracked as CVE-2021-41653, allows remote code execution for authenticated users. The criminals are using it to run a bash script, which downloads the final payload. The script also modifies the router's configuration to block specific ports, preventing other botnets from infecting the device. It is important to add that the Dark Mirai Botnet can only take over devices that are using the default login credentials – this vulnerability is unusable without administrator credentials.

Once the implant is running, the criminals can control it remotely, commanding it to execute a DDoS attack. It appears that the Dark Mirai Botnet has no other use, and the criminals are using it exclusively to take services and websites offline. To protect your devices from the Dark Mirai Botnet and similar threats, install the latest available firmware and choose a secure password for all accounts with elevated privileges.

December 10, 2021