Mirai Variant V3G4 Targets 13 IoT Vulnerabilities

February 16, 2023

A recent variant of the Mirai malware, V3G4, has been observed targeting 13 Internet of Things (IoT) vulnerabilities to ensnare devices into a botnet. Starting in July 2022, the malware was used in multiple attack campaigns, likely by the same threat actor, an attribution based on the hardcoded command-and-control (C&C) domains, malware downloaders, XOR decryption key, identical functions, and ‘stop list’ used across them. The targeted vulnerabilities, which include CVE-2012-4869, CVE-2014-9727, CVE-2017-5173, CVE-2019-15107, CVE-2020-15415, CVE-2020-8515, CVE-2022-26134, CVE-2022-36267, and CVE-2022-4257, have lower attack complexity than those targeted by previously observed variants, but still carry a critical security impact that can lead to remote code execution.

Palo Alto Networks notes: “Once the attacker gains control of a vulnerable device in this manner, they could take advantage by including the newly compromised devices in their botnet to conduct further attacks such as DDoS.” To protect against such threats, organizations are advised to ensure that all devices in their environments are patched against known vulnerabilities and protected with strong, unique passwords, and that unused ports and services, which are often targeted by cybercriminals, are either blocked or not accessible from the internet.
