A new mysterious malware that builds a vast peer-to-peer botnet to infect the Internet of Things (IoT) worldwide has been identified with almost 300,000 devices under its control, ready to perform a large-scale DDoS attack.
‘Hajime’, meaning ‘beginning’ in Japanese, was identified by Russia-based cyber-security firm Kaspersky Lab and has recently been propagating extensively, infecting multiple devices worldwide. But ‘Hajime’s real purpose still remains a mystery.
“The most intriguing thing about Hajime is its purpose. While the botnet is getting bigger and bigger, its objective remains unknown. We have not seen its traces in any type of attack or additional malicious activity,” said Konstantin Zykov, Senior Security Researcher, Kaspersky Lab, in a statement on Thursday.
The IoT malware showed its first signs of activity in October 2016 and since then it has been evolving and developing new propagation techniques.
‘Hajime’ does not exclusively attack a specific type of device, but rather any device on the Internet.
According to Kaspersky, Hajime uses brute force attacks on device passwords and then takes a number of steps to conceal itself from the compromised victim.
It has been found that most of the targets are digital video recorders, web-cameras and routers.
But ‘Hajime’ avoids several networks, including those of the US Department of Defense, General Electric and Hewlett-Packard.
“Nevertheless, we advise owners of IoT devices to change the password of their devices to one that’s difficult to brute force, and to update their firmware if possible,” Zykov added.
The source of infection was primarily found to come from Vietnam, Taiwan and Brazil.