Kaspersky Lab recently published its research into Hajime and its unknown end goal. So far, this malware has focused its attention on DVRs, webcams, and routers, but it is capable of attacking any device on the internet. Using a brute-force attack on device passwords, Hajime infects the device, and then conceals itself from the victim. Compromised devices can then be used by Hajime’s creator without the victim’s knowledge.
A majority of these compromised devices are located in Iran, Vietnam, and Brazil. Kaspersky Lab suggests that IoT owners change their passwords to something more difficult to guess through brute force. Additionally, owners should update their firmware if needed.
The first signs of Hajime appeared in October 2016, and it has since developed new ways of spreading. Instead of containing attack code, this malware only contains a propagation module. As Hajime takes over a device, it adds the device to an existing peer-to-peer botnet. This network of compromised devices is then used for spam or DDoS attacks.
There are a few networks that Hajime has avoided. These include General Electric, Hewlett-Packard, the U.S. Postal Service, the United States Department of Defense, and a few private networks.
“The most intriguing thing about Hajime is its purpose,” said Konstantin Zykov, senior security researcher at Kaspersky Lab. “While the botnet is getting bigger and bigger, its objective remains unknown. We have not seen its traces in any type of attack or additional malicious activity.”
Full details about this research are available on the firm’s SecureList blog.