InfectedSlurs Botnet Exploits Zero-Day RCE Vulnerabilities


Akamai has identified a recently discovered Mirai-based DDoS botnet called InfectedSlurs, actively taking advantage of two zero-day vulnerabilities to infect routers and video recorder (NVR) devices.

Although the researchers detected the botnet in October 2023, they suspect its activity dates back to at least 2022. The two vulnerabilities have been reported to the respective vendors, but fixes are not scheduled for release until December 2023.

In October, Akamai's Security Intelligence Response Team (SIRT) observed unusual activity directed at the company's honeypots, specifically targeting an infrequently used TCP port.

Akamai's published analysis states that in late October 2023 a slight increase in activity was spotted on its honeypots, directed at a rarely used TCP port. Until November 9, 2023, the targeted devices remained unidentified and the probing consisted of low-frequency attempts. The method involved initiating authentication via a POST request and, upon successful authentication, exploiting a command injection flaw.

Akamai refrained from disclosing the names of affected vendors. The researchers found that the bot also utilized default admin credentials to install Mirai variants. Further investigation into the campaign revealed that the bot targets wireless LAN routers designed for hotels and residential applications.

InfectedSlurs Based on JenX

InfectedSlurs is rooted in the JenX Mirai malware variant, which in 2018 used the Grand Theft Auto video game community to infiltrate devices. Akamai asserts that the InfectedSlurs code closely resembles that of the original Mirai botnet.

The experts noted that the variant employed in the October 2023 campaign shares the same functions and memory locations as a Mirai variant used in April 2023. Additionally, other botnets, including the hailBot Mirai variant, utilized the Command and Control (C2) infrastructure employed in this campaign. The researchers also identified references to some C2 infrastructure from a deleted Telegram user in the notorious DDoS marketplace channel DStatCC.

Akamai's SIRT is collaborating with CISA/US-CERT and JPCERT to notify vendors of the impacted devices. In an effort to allow vendors time to implement patches, detailed information is not being publicly disclosed. However, due to the active exploitation of these vulnerabilities, the report includes Snort and YARA rules to assist defenders in identifying exploit attempts and potential infections in their environments.
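The report describes the exploit pattern as a POST-based login, often with default admin credentials, followed by command injection once the login succeeds. The following script is an added example of how a defender could correlate that two-step sequence in honeypot or device web-server logs; it is not Akamai's code and is unrelated to the SIRT's Snort and YARA rules. It assumes a constructed log format (ISO timestamp, source IP, method, path, status, quoted request body), and the login path pattern, form field names, default-credential list and 60-second correlation window are all assumptions chosen for illustration.

```python
"""Correlate "POST login, then command injection" sequences in honeypot logs.

Added example for this article; it is not Akamai's code and not the SIRT's
Snort/YARA rules. It assumes a constructed honeypot log format:
    <ISO timestamp> <source IP> <method> <path> <status> "<request body>"
The login path pattern, form field names, default-credential list and the
correlation window are assumptions chosen for illustration.
"""
import re
from datetime import datetime, timedelta
from urllib.parse import unquote_plus

LINE_RE = re.compile(
    r'^(?P<ts>\S+) (?P<src>\S+) (?P<method>[A-Z]+) (?P<path>\S+) '
    r'(?P<status>\d{3}) "(?P<body>.*)"$'
)
LOGIN_PATH_RE = re.compile(r"/(login|auth)", re.IGNORECASE)  # assumed login endpoints
# Shell metacharacters that have no business inside a device-config value.
INJECTION_RE = re.compile(r"[;|`]|\$\(|&&")
DEFAULT_CREDS = {("admin", "admin"), ("admin", ""), ("root", "root")}  # assumed list
WINDOW = timedelta(seconds=60)  # assumed: injection must follow login within a minute

# Constructed sample log lines (not real honeypot data).
SAMPLE_LOG = """\
2023-11-09T10:01:02 10.0.0.5 POST /cgi-bin/login.cgi 200 "user=admin&pass=admin"
2023-11-09T10:01:05 10.0.0.5 POST /cgi-bin/sysconf.cgi 200 "ntp_server=pool.ntp.org%3Bid"
2023-11-09T10:02:00 10.0.0.7 POST /cgi-bin/login.cgi 401 "user=admin&pass=guess"
2023-11-09T10:02:03 10.0.0.7 POST /cgi-bin/sysconf.cgi 403 "ntp_server=$(uname)"
2023-11-09T10:03:00 10.0.0.9 GET /index.html 200 ""
2023-11-09T10:30:00 10.0.0.5 POST /cgi-bin/sysconf.cgi 200 "ntp_server=pool.ntp.org|id"
"""


def parse_line(line):
    """Parse one log line into a dict, or return None for lines in another format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.fromisoformat(ev["ts"])
    ev["status"] = int(ev["status"])
    return ev


def parse_form(body):
    """Decode a form-urlencoded body by hand so ';' is never treated as a separator
    (older parse_qs versions split on it, which would hide the injected command)."""
    fields = {}
    for pair in body.split("&"):
        if not pair:
            continue
        key, _, value = pair.partition("=")
        fields[unquote_plus(key)] = unquote_plus(value)
    return fields


def uses_default_credentials(fields):
    """True when the login form carried one of the assumed factory credential pairs."""
    return (fields.get("user", ""), fields.get("pass", "")) in DEFAULT_CREDS


def injected_values(fields):
    """Return the decoded field values that contain shell metacharacters."""
    return [v for v in fields.values() if INJECTION_RE.search(v)]


def find_exploit_sequences(lines):
    """Flag sources whose successful POST login is followed, within WINDOW,
    by a request whose decoded parameters carry shell metacharacters."""
    last_login = {}  # src -> (timestamp of successful login, used default creds?)
    hits = []
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue
        fields = parse_form(ev["body"])
        src = ev["src"]
        if ev["method"] == "POST" and LOGIN_PATH_RE.search(ev["path"]):
            if ev["status"] == 200:  # only a successful login opens the window
                last_login[src] = (ev["ts"], uses_default_credentials(fields))
            continue
        if src not in last_login:
            continue
        login_ts, default_creds = last_login[src]
        suspicious = injected_values(fields)
        if suspicious and ev["ts"] - login_ts <= WINDOW:
            hits.append({
                "src": src,
                "login_ts": login_ts,
                "request_ts": ev["ts"],
                "path": ev["path"],
                "values": suspicious,
                "default_creds": default_creds,
            })
    return hits


if __name__ == "__main__":
    for hit in find_exploit_sequences(SAMPLE_LOG.splitlines()):
        print(hit)
```

On the constructed sample, only 10.0.0.5 is flagged: its login succeeded with a default pair and the follow-up request arrived three seconds later with a URL-encoded `;` in a configuration value. The 10.0.0.7 attempt is ignored because its login failed, and the later 10.0.0.5 request falls outside the window; in production the window and the field names would be tuned to the device's actual login flow.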

November 23, 2023
