
The dearest thing to humans, their WiFi, is not left behind by hackers


Last Updated on 10/12/2021 by Nidhi Khandelwal

Dark Mirai (also known as MANGA) has been seen exploiting a new vulnerability on the TP-Link TL-WR840N EU V5, a popular low-cost home router released in 2017.

The weakness is identified as CVE-2021-41653, and it is caused by an insecure ‘host’ variable that can be exploited by an authenticated user to run commands on the device.
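The bug class described above (a `host` value reaching a command interpreter) is closed by validating the value strictly and never letting a shell parse it. The following is an added example, not code from the article, the researcher, or TP-Link's firmware; it assumes the `host` field is meant to hold a hostname or IP address, and the function names and sample values are constructed for illustration.

```python
import ipaddress
import re

# One RFC 1123 hostname label: letters, digits, hyphens, no leading/trailing hyphen.
_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")


def is_valid_host(value: str) -> bool:
    """Accept only a literal IP address or an RFC 1123 hostname."""
    if not value or len(value) > 253:
        return False
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        pass
    labels = value.rstrip(".").split(".")
    # fullmatch rejects spaces, ';', '$', backticks, newlines and leading '-'.
    return all(_LABEL.fullmatch(label) for label in labels)


def safe_argv(program: str, host: str) -> list:
    """Build an argument vector (hypothetical helper); no shell sees the value."""
    if not is_valid_host(host):
        raise ValueError("rejected host value: %r" % host)
    return [program, host]


def triage(records):
    """Return the (client, host) pairs whose host value fails validation."""
    return [(client, host) for client, host in records if not is_valid_host(host)]


# Constructed sample of submitted `host` values, keyed by client address.
SAMPLE = [
    ("10.0.0.5", "192.0.2.10"),
    ("10.0.0.5", "router.example.net"),
    ("10.0.0.9", "192.0.2.10;echo test"),
    ("10.0.0.9", "$(echo test)"),
    ("10.0.0.7", "-h"),
]

if __name__ == "__main__":
    for client, host in triage(SAMPLE):
        print("suspicious host value from %s: %r" % (client, host))
```

The same predicate works as a log-review filter: any recorded `host` value it rejects deserves a look, whether or not the device was patched at the time.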


Threat actors began exploiting the vulnerability once the researcher who identified it published a proof-of-concept (PoC) exploit for the RCE.

According to Fortinet researchers who have been tracking Dark Mirai activity, the botnet added the RCE to its arsenal just two weeks after TP-Link released the firmware update.

Process of exploitation

The actors behind Dark Mirai use CVE-2021-41653 to induce devices to download and run a malicious script called “tshit.sh,” which then downloads the main binary payloads via two requests.

The actors must still authenticate in order for this attack to succeed, but if the user has left the device with default credentials, exploiting the vulnerability becomes straightforward.

MANGA, like normal Mirai, detects the architecture of the infected system and retrieves the appropriate payload.


Then, to prevent other botnets from gaining control of the captured device, it restricts connections to commonly targeted ports.

Finally, the malware awaits a command from the C&C (command and control) server to launch a denial-of-service (DoS) attack.

Mirai may no longer be active, but its code has spawned a slew of new botnets that are wreaking havoc on unprotected devices.

We just reported on the appearance of ‘Moobot,’ which was made possible by a command injection issue in Hikvision equipment.

Nidhi Khandelwal
Nidhi is a tech news/research contributor at TheDigitalHacker. She publishes about techno geopolitics, privacy, and data breach.