Nexcorium Malware Targets IoT Devices Using Mirai Variant for DDoS Attacks
Severity: High (Score: 69.5)
Sources: Cybersecuritynews, Scworld, Securityaffairs.Co, Thehackernews
Summary
A new malware variant named Nexcorium has emerged, exploiting vulnerabilities in TBK DVR systems to create a botnet for large-scale DDoS attacks. This malware is a variant of the infamous Mirai botnet and primarily targets video recording devices, particularly the TBK DVR-4104 and DVR-4216 models, which have known security flaws. Attackers leverage CVE-2024-3721, a command injection vulnerability, to gain unauthorized access and execute malicious code. Nexcorium supports multiple architectures and employs robust persistence mechanisms, making it difficult to eradicate. The malware also uses brute-force techniques and a list of default passwords to compromise additional network-connected devices. Experts stress the importance of continuous adversarial testing to identify and mitigate risks associated with overlooked IoT devices. The threat is particularly significant given the increasing number of IoT devices that lack proper security measures.

Key Points:
• Nexcorium exploits CVE-2024-3721 in TBK DVR systems for DDoS botnet creation.
• The malware targets specific models of video recording devices and outdated TP-Link routers.
• Continuous adversarial testing is essential for organizations to mitigate risks from IoT vulnerabilities.