The researchers first discovered this new strain earlier this year and now it is being used in a new IoT botnet targeting smart signage TVs and wireless presentation systems.
The authors of the botnet have spent a great deal of time upgrading older versions of the Mirai malware with new exploits and according to Palo Alto Networks, this new Mirai botnet uses 27 exploits with 11 that are completely new to Mirai altogether.
Mirai’s built-in list of default credentials has also been expanded by the botnet operator to allow the malware to more easily gain access to devices that use default passwords. In total, four new username and password combinations have been added according to a new report from Palo Alto Network’s Unit 42.
This new Mirai botnet is intended to infect IoT devices with exposed Telnet ports through the use of default credentials which many hardware makers continue to leave unchanged despite the security risks they pose.
While previous botnets using the Mirai malware have targeted routers, modems, security cameras and DVRs, the latest one is intentionally targeting smart signage TVs and wireless presentation systems, specifically LG’s Supersign TVs and the WePresent WiPG-1000 wireless presentation system.
Both of these exploits have been available online for some time but this is the first instance researchers have seen of them being weaponized.
To avoid having your devices fall victim to the Mirai botnet, it is recommended that you only use devices from trusted manufacturers and immediately change the default passwords on those devices.