Like the original Mirai botnet, V3G4 infects IoT devices by exploiting default data login credentials such as usernames and passwords.
The IT security researchers at Palo Alto Networks’ Unit 42 have identified a new variant of the infamous Mirai malware, which was responsible for several large-scale DDoS attacks (Distributed Denial of Service attacks) on Dyn DNS in October 2016.
Dubbed V3G4 by researchers, it is a type of malware that specifically targets Internet of Things (IoT) devices. Like the original Mirai botnet, V3G4 infects IoT devices by exploiting default data login credentials such as usernames and passwords.
In the campaign tracked by Unit 42, one of the prime targets of the V3G4 malware has been exposed IP cameras. The malware uses the exposed servers and devices to create a powerful botnet, which can be used to launch DDoS attacks or perform other malicious activities, such as stealing data or installing additional malware.
According to Unit 42’s report, researchers observed the V3G4 malware leveraging several vulnerabilities to spread its infection from July to December of 2022. These vulnerabilities include the following:
Researchers also noted that within the botnet client, there is a stop list of process names that it endeavours to eliminate by cross-checking the names of currently running processes on the targeted host. These process names are associated with other botnet malware families and have previously identified different variants of Mirai.
This should not come as a surprise, as there have been several Mirai variants that have surfaced over the years. Some of them included MooBot, Demonbot, OMG, and several others.
The vulnerabilities mentioned above have less attack complexity than previously observed variants, but they maintain a critical security impact that can lead to remote code execution.
Palo Alto Networks – Unit 42
To protect against V3G4 and other IoT malware, it is important to follow best practices for securing IoT devices. This includes changing default usernames and passwords, keeping software up to date with the latest security patches, and disabling unnecessary services and protocols. Network segmentation can also help to contain the spread of malware if a device is infected.