A new variant of the Mirai IoT malware is targeting Zyxel NAS devices. The malware bears the name “Mukashi” and, according to experts, is able to receive C2 commands and start DDoS attacks.
Unit 42, the research department of Palo Alto Networks, warns of a new variant of the infamous IoT malware Mirai. With the “Mukashi” malware, hackers are apparently trying to infect Zyxel NAS devices that have a specific vulnerability, CVE-2020-9054. The associated proof of concept had already been made public last month, the American IT security company said.
According to the experts, Mukashi is a bot that scans TCP port 23 of random hosts, brute-forces logins using different combinations of default credentials, and reports each successful login attempt to its command-and-control server. Like other Mirai variants, Mukashi is able to receive C2 commands and start DDoS attacks.
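The scanning behaviour described above is visible in flow logs as one internal device opening TCP/23 connections to many different external addresses in a short time. The following detection sketch is an added example, not code from the Unit 42 report; the log line format, the internal network range, the window, and the threshold are all assumptions to adapt to your environment.

```python
import ipaddress
from collections import defaultdict

INTERNAL_NET = ipaddress.ip_network("192.168.0.0/16")  # assumed internal range
WINDOW_SECONDS = 60      # assumed sliding window
MIN_DISTINCT_DSTS = 20   # assumed threshold; tune against your own baseline

def parse_flow(line):
    """Parse 'epoch src dst dport proto' (assumed format); None if malformed."""
    parts = line.split()
    if len(parts) != 5:
        return None
    try:
        ts, dport = int(parts[0]), int(parts[3])
        src, dst = ipaddress.ip_address(parts[1]), ipaddress.ip_address(parts[2])
    except ValueError:
        return None
    return ts, src, dst, dport, parts[4].lower()

def find_telnet_scanners(lines, window=WINDOW_SECONDS, threshold=MIN_DISTINCT_DSTS):
    """Return {src_ip: max distinct external TCP/23 destinations in any window}."""
    events = defaultdict(list)
    for line in lines:
        flow = parse_flow(line)
        if flow is None:
            continue
        ts, src, dst, dport, proto = flow
        # Keep only internal hosts opening telnet (TCP/23) to external addresses.
        if proto == "tcp" and dport == 23 and src in INTERNAL_NET and dst not in INTERNAL_NET:
            events[str(src)].append((ts, str(dst)))
    flagged = {}
    for src, evs in events.items():
        evs.sort()
        best, start = 0, 0
        for end in range(len(evs)):
            while evs[end][0] - evs[start][0] > window:
                start += 1  # slide the window forward
            best = max(best, len({d for _, d in evs[start:end + 1]}))
        if best >= threshold:
            flagged[src] = best
    return flagged

def constructed_sample():
    """Constructed flow lines: one NAS fanning out on TCP/23, one ordinary host."""
    scan = [f"{1000 + i} 192.168.1.50 198.51.100.{i + 1} 23 tcp" for i in range(30)]
    return scan + ["1005 192.168.1.10 203.0.113.7 23 tcp",
                   "1010 192.168.1.10 203.0.113.7 443 tcp", "garbage line"]

if __name__ == "__main__":
    print(find_telnet_scanners(constructed_sample()))
```

A NAS has little legitimate reason to open outbound telnet sessions at all, so on a storage segment the threshold can usually be set much lower than on a general-purpose network.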
Zyxel NAS with firmware versions up to 5.21 affected
The vulnerability affects “several, if not all, Zyxel NAS products with firmware versions up to 5.21,” the report said. The hardware manufacturer classifies the vulnerability as “critical” and has itself published a support post. Updating the firmware is strongly recommended. Zyxel provides download links to the latest versions in the support post. Security experts at Palo Alto Networks also advise using complex passwords to prevent brute-force attacks.