A new version of Mirai Malware Botnet is exploiting a command injection vulnerability in TBK DVR -4104 and DVR -4216 digital video recording devices to kidnap them.
Defended, tracked under Cve-2024-3721A command injection is manifested by the security researcher “Natakfish“In April 2024.
The proof-off-concept (POC) at that time came as a specially designed post request as a weak closing point, which receives shell command execution through manipulation of certain parameters (MDB and MDC).
Kaspersky Now report The active exploitation of CVE-2024-3721 in its Linux Honeypots from a new Mirai Botnet variant was caught using Netsecfish’s POC.
The attackers take advantage of exploitation to release an ARM32 malware binary, which establishes communication with the command and control (C2) server to list the device in a boteta flock. From there, the device is used to probably deny the distributed service (DDOS) attacks, proxy malicious traffic and other behavior.
Source: Kasperki
Attack effect and improvement
Although Netsecfish reported last year that around 114,000 internet-wishes were unsafe for DVR-2024-3721, Kaspersky’s scans show about 50,000 exposed equipment, which is still important.
Most infections are associated with Russian Cyber Security Firm the latest Mirai variant impact China, India, Egypt, Ukraine, Russia, Türkiye and Brazil. However, it is based on Kaspersky’s telemetry, and as it is banned on its consumer security products in many countries, it may not accurately reflect the targeting focus of the botnet.
Currently, it is not clear whether the seller, TBK Vision has issued security updates to address the CVE -2024–3721 defects or if it remains unplaced. Bleepingcomputer contacted TBK to ask about this, but we are still waiting for their response.
It is worth noting that DVR-4104 and DVR-4216 have been branded on a large scale under Novo, Cenova, QSEE, Pulnix, XVR 5 in 1, Securus, Night Owl, DVR Login, HVR Login, and MDVR brands, hence the availability of a complication for the affected devices.
The researcher revealing the TBK Vision Flaw discovered other flaws, promoting exploitation against the end of life last year.
In particular, Netsecfish has revealed a backdoor account issue and a command injection vulnerability in 2024, affecting thousands of EOL D-Link devices in 2024.
A few days after the disclosure of POC, active exploitation was detected in both cases. This shows how soon the malware writers include public exploits in their arsenal.
Patching meant complex scripts, long and endless fire drills. No more.
In this new guide, the tines break down how it is leveling with modern organ automation. Patch fast, reduce overhead, and focus on strategic tasks – no complex script is required.
