Wednesday, November 6, 2024
HomeBotnetHajime Worm wrestle with Mirai Botnet to Control of your IoT Devices

Hajime Worm wrestle with Mirai Botnet to Control of your IoT Devices

Published on

Malware protection

[jpshare] Hajime Worm First Discovered on  October  2016 and it used to spreads via unsecured devices with self-replication module that have open Telnet ports and use default passwords.

Hajime Worm Battle with Mirai Botnet indicate that ,Hajime was specifically created to protect against Mirai .

According to Symantec  ,Unlike Mirai, which uses hardcoded addresses for its command and control (C&C) server, Hajime is built on a peer-to-peer network.

- Advertisement - SIEM as a Service

“There isn’t a single C&C server address, instead the controller pushes command modules to the peer network and the message propagates to all the peers over time”

After contacts  C&C server address , it returns a cryptographically-signed message every ten minutes. The message, which is displayed on the device’s terminal .

Just a white hat, securing some systems.
Important messages will be signed like this!
Hajime Author.
Contact CLOSED
Stay sharp!

The malware’s Author didn’t include a DDoS highlight, didn’t utilize his botnet to malicious traffic activity, or some other nosy operation.

Hajime is also stealthier and more advanced in comparison to Mirai. Once on an infected device, it takes multiple steps to conceal its running processes and hide its files on the file system.

Hajime Replicating  Quickly:

According to the Symantec  Tracking Report, past Few month it spreading very fast and Target the DVRs, CCTV systems, and other poorly-protected Internet of Things (IoT) devices.

                                           Image Credits: Symantec

Symantec Researcher ,Waylon Grange said, ,once Hajime infects a device it blocks access to ports 23, 7547, 5555, and 5358, which are all ports that have been exploited in the past by IoT malware.

Once Hajime Hide its file in infected systems,The author can open a shell script to any infected machine in the network at any time, and the code is modular, so new capabilities can be added .

Doesn’t have (DDoS) capabilities :

Reason Behind of the worm, it does not have any distributed denial of service capabilities .

For the past six months, Hajime has been using its self-replication module to fight with Mirai and other IoT botnet for control over IoT devices.

Hajime is an enemy of  Mirai Botnet:

Hajime was specifically created to protect against Mirai ,All pieces of information indicate the conclusion that Hajime was made to specifically attack Mirai, and  reduce the number of devices Mirai can infect.

Hajime Act as White Hat and powerful than Mirai .These white worms is that they usually turn out to have a short lifespan.

Symantec Said ,”To have a lasting effect, the firmware would need to be updated. It is extremely difficult to update the firmware on a large scale because the process is unique to each device and in some cases is not possible without physical access.”

Also Read:

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

ClickFix Exploits GMeet & Zoom Pages to Deliver Sophisticated Malware

A new tactic, "ClickFix," has emerged. It exploits fake Google Meet and Zoom pages...

APT36 Hackers Attacking Windows Deevices With ElizaRAT

APT36, a sophisticated threat actor, has been actively targeting Indian entities with advanced malware...

Hackers Using AV/EDR Bypass Tool From Cybercrime Forums To Bypass Endpoints

Researchers uncovered two previously unknown endpoints with older Cortex XDR agents that used to...

Hackers Created 100+ Fake Web Stores To Steal Millions Of Dollars From Customers

The Phish, 'n' Ships fraud operation leverages, compromised websites to redirect users to fake...

Free Webinar

Protect Websites & APIs from Malware Attack

Malware targeting customer-facing websites and API applications poses significant risks, including compliance violations, defacements, and even blacklisting.

Join us for an insightful webinar featuring Vivek Gopalan, VP of Products at Indusface, as he shares effective strategies for safeguarding websites and APIs against malware.

Discussion points

Scan DOM, internal links, and JavaScript libraries for hidden malware.
Detect website defacements in real time.
Protect your brand by monitoring for potential blacklisting.
Prevent malware from infiltrating your server and cloud infrastructure.

More like this

Russia-Linked Hackers Attacking Governmental And Political Organizations

Two pro-Russian threat actors launched a distributed denial-of-service (DDoS) attack campaign against Japanese organizations...

ErrorFather Hackers Attacking & Control Android Device Remotely

The Cerberus Android banking trojan, which gained notoriety in 2019 for its ability to...

GorillaBot Emerged As King For DDoS Attacks With 300,000+ Commands

The newly emerged Gorilla Botnet has exhibited unprecedented activity, launching over 300,000 DDoS attacks...