Hakai IoT botnet infects popular router brands


Security researchers have identified a new IoT botnet that has recently made its presence known online after lying dormant for months.

The Hakai IoT botnet, named after the Japanese word for destruction, was first discovered in June by security researchers at NewSky Security. The first version of this new IoT botnet was based on the IoT malware strain Qbot that leaked online several years ago. 

Ankit Anubhav, a security researcher at NewSky Security, told ZDNet that the first version of the botnet was unsophisticated and rarely active. However, the author of the botnet initially wanted publicity and requested that Anubhav cover it.

The Hakai botnet then began to take over user devices in July, using the CVE-2017-17215 vulnerability to infect Huawei Hg352 routers. By August, the botnet had gained the attention of other security researchers as it began to spread to even more devices, including D-Link routers using the HNAP protocol as well as Realtek routers and IoT devices.

In addition to taking advantage of exploits, the Hakai botnet also included a Telnet scanner, which it used to take control of devices whose default passwords had not been changed. Intezer Labs also recently reported that it had discovered two separate Hakai-based variants, named Kenjiro and Izuku, that were also spreading online.

The Hakai IoT botnet has grown significantly and now poses a serious threat to users and their devices worldwide. However, its author is no longer seeking the publicity he once was, following the arrest of Nexus Zeta, who ran another IoT botnet called Satori.

We will likely hear more of the Hakai IoT botnet as its spread online continues and security researchers work to stop it.

Image Credit: Chesky / Shutterstock