New version of Echobot uses over 50 exploits to distribute
The Echobot IoT malware is another variant of the well-known Mirai malware. It was discovered by information security experts at Palo Alto Networks in early June 2019.
Akamai experts have already dedicated a detailed report to this threat, from which it became clear that Echobot follows the general trend: the authors of the malware did not bring anything new to the Mirai code itself, but added new modules to the source. Currently, the Echobot botnet is used to organize DDoS attacks.
“When Mirai was first released it targeted weak default credentials commonly found in IoT devices. Then variants of Mirai began targeting more difficult vulnerabilities in those devices”, reported Akamai's Larry Cashdollar.
When the Palo Alto Networks researchers first noticed the malware, Echobot used exploits for 18 vulnerabilities. Soon afterwards, however, Akamai experts discovered another variant of Echobot, which already used 26 different exploits, both old and new. At that point the malware attacked various NAS devices, routers, NVRs, IP cameras, IP phones and so on.
This week, independent information security specialist Carlos Brendel Alcañiz announced that the authors of Echobot have again expanded the malware's arsenal, which now includes more than 60 different exploits.
“Just a couple hours ago I received an exploit targeting Asus devices. Nothing interesting so far. The ‘richard’ file is a shitty dropper, but the malware is just a bot that propagates itself using 61 different RCE exploits. I guess Richard is trying hard to get popular”, wrote Carlos Brendel Alcañiz on Twitter.
The expert discovered a new variation of the threat when he noticed code designed to attack vulnerabilities in Asus devices.
The specialist has already published a full list of payloads on PasteBin.
Apparently, the malware operators deployed various publicly available exploits for long-known vulnerabilities, some of which date back to 2010. At the same time, the attackers do not appear to have concentrated on any particular category of products.