
- Kaspersky warns that many DVR devices are being targeted with malware
- The malware assimilates the device into a botnet, providing DDoS and proxy capabilities
- The victims are scattered all over the world, and there seems to be no patch
If you are using a TBK DVR-4104, DVR-4216, or any digital video recording device that uses these models as its base, you may want to keep an eye on your hardware, as it is being actively hunted.
Kaspersky's cybersecurity researchers say they have seen a year-old vulnerability in these devices being abused to expand the dreaded Mirai botnet.
In April 2024, security researchers found a command injection defect in the devices listed above. The defect is tracked as CVE-2024-3721 and was given a severity score of 6.3/10 (medium). It can be triggered remotely and gives attackers complete control of the vulnerable endpoint. Immediately after discovery, a proof-of-concept (PoC) exploit for the defect also appeared.
Victims worldwide
Now, a year later, Kaspersky says that this PoC is being used to expand the Mirai botnet. The attackers are using the bug to drop ARM32 malware that assimilates the device and gives its operators the ability to run distributed denial-of-service (DDoS) attacks, proxy malicious traffic, and more.
Most of the victims Kaspersky sees are located in China, India, Egypt, Ukraine, Russia, Türkiye and Brazil. However, as a Russian company, Kaspersky's products have been banned in many Western countries, so its analysis may be somewhat skewed.
The number of potentially vulnerable devices was more than 110,000 in 2024, and has since fallen to about 50,000. While that is an improvement, it means that the attack surface is still rather large.
Usually, when such a vulnerability is discovered, a patch soon follows. However, many media sources are claiming that it is “vague” whether the manufacturer, TBK Vision, patched the bug.
CyberInsider reports that many third-party brands use these devices as a base for their models, further complicating patch availability, and says that “it is very likely that for most, there is no patch.”
Some of the brands are Novo, CeNova, QSee, Pulnix, XVR 5 in 1, Securus, Night OWL, DVR Login and others.
Via BleepingComputer

