InfectedSlurs Unleashed: New Mirai-Based Botnet Exploits Zero-Days

According to recent data from cybersecurity firm Akamai, researchers have uncovered a new botnet named “InfectedSlurs”, based on the infamous Mirai malware. The botnet exploits two zero-day vulnerabilities to infect routers and digital video recorders that are accessible via the internet.

The activity of “InfectedSlurs” was first observed in October 2023, though it is speculated that the botnet might have been operational since the end of the previous year.

“InfectedSlurs” exploits the vulnerabilities to achieve remote code execution (RCE), turning infected devices into nodes of its network for DDoS attacks, presumably for profit.

Akamai reports that manufacturers of the affected devices have not yet released patches to rectify these vulnerabilities, leaving the owners of the vulnerable equipment unable to fully protect themselves from this threat.

Analysis of “InfectedSlurs” revealed that the attacks were directed at network video recorders (NVRs) from a specific manufacturer, whose name was not disclosed for security reasons. Similarly, “InfectedSlurs” targets unnamed WLAN routers that are popular with both home users and the hospitality industry.

“InfectedSlurs” has been confirmed to be a variant of Mirai JenX. Its C2 infrastructure supports hailBot operations, and an analysis conducted by experts showed a link between the botnet and a Telegram account belonging to the perpetrators, which had been deleted by the time of reporting.

Since patches for vulnerable devices have not yet been released, experts recommend regularly rebooting vulnerable NVRs and routers to temporarily disrupt the botnet’s activity. However, since Akamai did not disclose the specific vulnerable brands and models, this action might be futile for 99% of users of such equipment.

Nonetheless, if you own devices of this type, it would be prudent to watch for new software updates over the coming weeks and install them as soon as possible, since your equipment might be vulnerable to these attacks.