Nexcorium malware targets IoT devices, leverages Mirai variant for DDoS attacks

Coverage from HackRead indicates a new malware, Nexcorium, has emerged, posing a significant threat to smart devices globally. This sophisticated threat is an evolution of the notorious Mirai malware, specifically engineered to construct a botnet by compromising Internet of Things (IoT) devices for large-scale distributed denial of service (DDoS) attacks.Nexcorium primarily targets video recording boxes for security cameras, particularly TBK DVR-4104 and DVR-4216 models, due to their inherent security weaknesses and infrequent updates. Attackers exploit CVE-2024-3721, a command injection vulnerability, to gain unauthorized access and execute malicious code. The malware exhibits multi-architecture compatibility, making it adaptable to various processors. It employs robust persistence mechanisms, including self-replication across multiple folders and automatic task setup, making it difficult to remove. To expand its reach, Nexcorium utilizes a comprehensive list of default passwords and brute-force techniques to compromise other network-connected devices, aiming to bolster its botnet for launching DDoS attacks.Experts emphasize that continuous adversarial testing, mirroring real-world attacker behavior, is essential for organizations to effectively identify and mitigate risks beyond traditional security scanning, especially for devices often overlooked in security assessments.Source:HackRead