New version of Echobot uses over 50 exploits to distribute

Echobot IoT Malware is another variation of the famous Mirai malware, discovered by information security experts at Palo Alto Networks in early June 2019.

Akamai experts have already dedicated a detailed report to this threat, from which it became clear that Echobot is following the general trend: the authors of the malware did not bring anything new to the Mirai code, but added new, additional modules to the sources. Currently, the Echobot botnet is used to organize DDoS attacks.

“When Mirai was first released it targeted weak default credentials commonly found in IoT devices. Then variants of Mirai began targeting more dificult vulnerabilities in those devices”, — reported Akamai Larry Cashdollar.

When the Palo Alto Networks researchers first noticed the malware, Echobot used exploits for 18 vulnerabilities. However, soon Akamai experts discovered another variation of Echobot, which had already used 26 different exploits, both old and new. Then the malware attacked various NAS, routers, NVR, IP cameras, IP phones and so on.

Larry Cashdollar
Larry Cashdollar

Read also: IPhone Bluetooth traffic can disclose phone number information and much more

This week, independent information security specialist Carlos Brendel Alcañiz announced that the authors of Echobot have again expanded their arsenal of malware, and now more than 60 various exploits are available.

“Just a couple hours ago I received an exploit targeting Asus devices. Nothing interesting so far. The “richard” file is a shitty dropper, but the malware is just a bot that propagates itself using 61 different RCE exploits. I guess Richard is trying hard to get popular”, — wrote Carlos Brendel Alcañiz in Twitter.

The expert discovered a new variation of the threat when he noticed code designed to attack vulnerabilities in Asus devices.

The specialist has already published a full list of payloads on PasteBin.

Apparently, malware operators launched various publicly available exploits for long-known vulnerabilities, some of which date back to 2010. At the same time, it cannot be said that attackers concentrated on a certain category of products.

The researcher said that now Echobot exploits are target both hardware and software solutions, including: routers, cameras, hubs for smart homes, network storage systems, servers, database management software and Zeroshell.
User Review
0 (0 votes)
Comments Rating 0 (0 reviews)

Daniel Zimmermann

Daniel Zimmermann has been writing on security and malware subjects for many years and has been working in the security industry for over 10 years. Daniel was educated at the Saarland University in Saarbrücken, Germany and currently lives in New York.

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *


This site uses Akismet to reduce spam. Learn how your comment data is processed.

Back to top button