Nexcorium Malware Exploits IoT Devices via Mirai Variant for DDoS Attacks
Severity: High (Score: 67.5)
Sources: Scworld, Thehackernews
Summary
A new malware named Nexcorium has emerged, targeting Internet of Things (IoT) devices globally. This malware is a variant of the infamous Mirai malware, specifically designed to create a botnet for large-scale distributed denial of service (DDoS) attacks. Nexcorium primarily exploits security vulnerabilities in TBK DVR-4104 and DVR-4216 models, leveraging CVE-2024-3721, a command injection flaw. Attackers gain unauthorized access to these devices and execute malicious code, utilizing brute-force techniques and a list of default passwords to compromise additional network-connected devices. The malware is noted for its multi-architecture compatibility and robust persistence mechanisms, making it challenging to eradicate. Experts stress the importance of continuous adversarial testing to identify and mitigate risks associated with such overlooked devices. The situation is evolving, with security professionals urged to enhance their defenses against this sophisticated threat.

Key Points:
• Nexcorium is a new malware variant of Mirai, targeting IoT devices for DDoS attacks.
• It exploits CVE-2024-3721, a command injection vulnerability in specific TBK DVR models.
• The malware employs brute-force techniques and self-replication, complicating removal efforts.