A new mysterious malware that builds a vast peer-to-peer botnet to infect the Internet of Things (IoT) worldwide has been identified with almost 300,000 devices under its control, ready to perform a large-scale DDoS attack. ‘Hajime’, meaning ‘beginning’ in Japanese, was identified by Russia-based cyber security firm Kaspersky Lab and has recently been propagating extensively, infecting multiple devices worldwide. But ‘Hajime’s real purpose still remains a mystery. Also Read - Is your phone infected with malware? Here's how to find outAlso Read - Over 10 million Android users affected with GriftHorse malware: Delete these apps now
“The most intriguing thing about Hajime is its purpose. While the botnet is getting bigger and bigger, its objective remains unknown. We have not seen its traces in any type of attack or additional malicious activity,” said Konstantin Zykov, Senior Security Researcher, Kaspersky Lab, in a statement on Thursday.
The IoT malware showed its first signs of activity in October 2016 and since then it has been evolving and developing new propagation techniques. ‘Hajime’ does not exclusively attack a specific type of device, but rather any device on the internet. ALSO READ: 3,19,000 users experienced financial malware attacks in Q4 2016: Kaspersky report
According to Kaspersky, Hajime uses brute force attacks on device passwords and then takes a number of steps to conceal itself from the compromised victim. It has been found that most of the targets are digital video recorders, web-cameras and routers. But ‘Hajime’ avoids several networks, including those of the US Department of Defense, General Electric and Hewlett-Packard. ALSO READ: Drone-jacking, file-less malware to increase in 2017: Symantec
“Nevertheless, we advise owners of IoT devices to change the password of their devices to one that’s difficult to brute force, and to update their firmware if possible,” Zykov added.
The source of infection was primarily found to come from Vietnam, Taiwan and Brazil.