Persirai IoT Malware Can Turn Chinese IP Cameras Into a Huge Botnet

Not a day goes by without a new type of Internet of Things malware making headlines. Persirai is a malware that shares some similarities with Mirai, and it is currently targeting internet-connected cameras all over the world. Unless the security flaw exposing these devices is fixed, over 100,000 cameras may soon turn into a major botnet.

Persirai Targets Chinese IP Cameras

It is anything but surprising to learn Internet of Things devices remain vulnerable to peculiar exploits. Research indicates one particular Chinese manufacturer has 1,250 camera models, all of which are vulnerable to the new Persirai IoT malware. In fact, it appears this new malware is already infecting devices in China since April of 2017. This is not good news by any means, as this nefarious tool may result in another major botnet executing DDoS attacks in the future.

To be more specific, the malware is purposefully targeting IP cameras designed by this unknown Chinese manufacturer. While it is true the vast majority of these devices are made in China, it seems like the manufacturer in question has some explaining to do when it comes to device security. In the past, similar attacks have successfully abused weak login credentials for administrator access. It is unclear if this is the case here as well, although it does not seem unlikely.

What makes the Persirai malware so dangerous is how it can be used to execute code remotely on the cameras. While IP cameras are not nearly as strong as computers or even smartphones, they are always on and connected to the internet. It is impossible to tell what the assailant hopes to gain from exploiting these devices. Moreover, the question remains whether or not the manufacturer will do something about this problem.

It is expected as many as 120,000 IP cameras are vulnerable to the Persirai malware right now. That number could keep increasing further depending on whether the developers will try to add more functionality to the toolkit in the future. Right now, all signs point toward this malware infecting devices for the sole purpose of creating a DDoS-capable botnet. However, its potential targets remain a mystery for now.

As the name suggests, Persirai shares some similarities to Mirai, the notorious botnet that caused DynDNS to go offline for a few hours several months ago. Mirai’s source code was made open source a while ago, and several new botnet malware clones have sprung up ever since. Persirai is the latest to take a page out of the Mirai playbook, it uses the same function to scan the internet for potentially vulnerable devices.

Luckily, it appears Persirai also has one positive aspect associated with it. Once it successfully infects an IoT device, it ensures no other malware can target the same hardware again. That is, unless the Persirai malware is removed from the device. It is evident IoT malware continues to compete over the same turf, which should effectively result in fewer devices getting hacked.

If you liked this article, follow us on Twitter @themerklenews and make sure to subscribe to our newsletter to receive the latest bitcoin, cryptocurrency, and technology news.

Image(s): Shutterstock.com