A new malware that targets Linux-based Internet of Things (IoT) devices has been detected by Search-Lab, a Security research and development firm. This Linux ARM malware called as ELF_IMEIJ.A exploits a vulnerability in devices from AVTech, a surveillance technology company.
ELF_IMEIJ.A has drawn attention from Trend Micro who says that it is similar to the deadly Mirai and attacks defenseless IoT devices, in this case, cameras, CCTV equipment, and network recorders that support the AVTech cloud.
Linux operating systems which have been the preferred by Internet of Things (IoT) manufacturers continue to see focused security threats owing to their higher deployment in smart systems across many different industries. ELF_IMEIJ.A joins a group of recently discovered Linux malware that exploits the ARM platform on Linux devices. ARM is widely used for IoT and mobile devices, making it a necessary hurdle for attackers targeting these devices.
ELF_IMEIJ.A arrives via RFIs in cgi-bin scripts. A remote attacker sends a request to random IP addresses and attempts to take advantage of the vulnerability.
Specifically, it exploits CloudSetup.cgi, the reported AVTech CGI Directory vulnerability, to execute a command injection that triggers the malware download. The attacker tricks the device into downloading the malicious file and changes the file’s permissions to execute it locally.
Once this Linux malware is installed onto the device, it gathers system information and network activity data. It can also execute shell commands from the malicious actor, initiate Distributed Denial of Service (DDoS) attacks, and terminate itself. Infected devices also put other devices connected to the same network at risk.
Submitted by: Arnfried Walbrecht