Mirai ‘Beastmode’ variant exploits new vulnerabilities
The Mirai botnet primarily consists of IoT and embedded devices. In 2016, Mirai made national headlines when it used compromised connected devices to take down several high-profile targets in record-breaking Distributed Denial-of-Service (DDoS) attacks.
The original creator of Mirai was arrested in the fall of 2018, but variants that exploit new vulnerabilities continue to appear.
Fortinet security researchers have observed the Beastmode variant and found that it aggressively updates its “arsenal of exploits”, adding five new exploits in one month. Three of the exploits use vulnerabilities discovered between February and March 2022 to target various models of TOTOLINK routers:
The Beastmode variant also targets several other connected devices:
TP-Link Tapo C200 IP camera.
D-Link DIR-810L, DIR-820L/LW, DIR-826L, DIR-830L, and DIR-836L (all discontinued, with no updated firmware available).
Huawei HG532 routers.
NUUO NVRmini2, NVRsolo, and Crystal devices.
NETGEAR ReadyNAS Surveillance products.
“Threat actors such as those behind the Beastmode campaign continue to rapidly incorporate newly published exploit code to infect unpatched devices with the Mirai malware,” a Fortinet researcher wrote. “By constantly monitoring the evolving threat landscape, FortiGuard Labs researchers have identified new vulnerabilities exploited by Mirai variants and malware targeting IoT devices to ensure greater awareness of these threats and networks to better secure our customers.”