The Mirai malware, first discovered in 2016, has been a persistent threat in the cybersecurity space. This malware infects smart devices (IoT), turning them into remotely controlled bots that are used to launch distributed denial of service (DDoS) attacks.

Although Mirai had been dormant for some time, it was detected again in July 2024. Now, with the appearance of the Murdoc_Botnet, Qualys has shown that Mirai continues to evolve and pose a significant danger.

Sergio Pedroche, Country Manager of Qualys Iberia, explains that “Mirai malware takes advantage of security problems in IoT devices, allowing it to convert the collective power of millions of devices into botnets with a global reach.” This ability of Mirai to form massive botnets underscores the need for advanced technologies to provide proactive defense against such threats.

Mirai’s Murdoc_Botnet

During a routine analysis, the Qualys research team discovered the active Murdoc_Botnet campaign, involving more than 1,300 IP addresses. The campaign targets devices such as AVTech cameras and Huawei routers, specifically the HG532 model. Using the Qualys EDR (Endpoint Detection & Response) system together with open-source intelligence (OSINT) and threat-intelligence data, Qualys experts confirmed that Murdoc_Botnet is a Mirai variant.

Murdoc_Botnet uses known exploits, among them CVE-2024-7029 and CVE-2017-17215, to inject its payloads into vulnerable devices. The infection chain relies on ELF binaries and shell scripts loaded onto the device, which let the command-and-control (C2) server install the bot. More than 100 sets of servers have been identified as communicating with the compromised IPs.

Security Recommendations

To protect yourself, the Qualys Threat Research Unit recommends the following measures:

  • Periodic Monitoring: Regularly monitor for suspicious processes, events and network traffic generated by the execution of any untrusted binary or script.
  • Caution with Shell Scripts: Be cautious when running shell scripts from unknown sources.
  • Systems and Firmware Update: Keep systems and firmware up to date with the latest versions and patches available.