Categories: Security

Imeij Botnet Malware Targets IoT Cameras

Researchers have discovered malware targeting a security bug in a popular line of Internet-connected cameras, the latest threat affecting poorly protected ‘Internet of Things’ (IoT) gadgets.

Like the Mirai botnet malware that made headlines last year, the Imeij malware targets devices running the Linux operating system.

AVTech targeted

But while Mirai attempts to log into hardware running BusyBox, a set of stripped-down Unix tools, using a list of common passwords, Imeij targets only products made by a single manufacturer – Taiwan’s AVTech, which makes Internet-connected video surveillance equipment.

AVTech’s devices are popular, with the Shodan IoT search engine listing more than 130,000 connected to the Internet, according to computer security firm Search-Lab.

By comparison, researchers have in the past detected powerful denial-of-service attacks launched from a botnet made up of as few as 900 hacked CCTV cameras.

The Hungarian company discovered the vulnerability in question in 2015 but only disclosed it publicly in October of last year, following a year’s worth of attempts to contact AVTech, with no response from the manufacturer.

The bug is now being actively exploited by Imeij, which allows an attacker to take remote control of the device or to make it part of a botnet that can be used to launch malicious attacks, Trend Micro said over the weekend.

CGI bug

The bug affects AVTech devices that support the company’s cloud service, which contain a flawed Common Gateway Interface (CGI) component called CloudSetup.cgi that can be manipulated to execute malicious commands, Search-Lab said.

“Since there is no verification or white list-based checking of the exefile parameter, an attacker can execute arbitrary system commands with root privileges,” the company said in an advisory.

Imeij exploits the bug to trick devices into downloading malware, Trend Micro said.

Attacks are carried out by sending malicious cgi-bin scripts to random IP addresses, according to the company.

“Once the malware is installed onto the device, it gathers system information and network activity data. It can also execute shell commands from the malicious actor, initiate Distributed Denial of Service (DDoS) attacks, and terminate itself,” Trend said in an advisory. “Infected devices also put other devices connected to the same network at risk.”

The company noted that, like the Umbreon rootkit and the LuaBot malware, Imeij targets ARM-based hardware, which is widely used for IoT and mobile devices.

Researchers say users can protect IoT devices with security products that check Internet traffic passing between the router and the devices connected to it.

AVTech did not respond to a request for comment.

Do you know all about security in 2017? Try our quiz!

Matthew Broersma

Matt Broersma is a long standing tech freelance, who has worked for Ziff-Davis, ZDnet and other leading publications

Recent Posts

Ericsson To Cut 1,200 Jobs in Sweden Amid ‘Challenging’ Market

Swedish telecoms giant Ericsson blamed “challenging mobile networks market” and “further volume contraction” for job…

16 hours ago

FTX’s Sam Bankman-Fried Sentenced To 25 Years In Prison For $8bn Fraud

Dramatic downfall. Sam Bankman-Fried sentenced to 25 years in prison for masterminding $8bn fraud that…

17 hours ago

Elon Musk Orders FSD Demo For Every Tesla US Sale

Fallout avoidance? Tesla buyers in the US must be shown how to use the FSD…

18 hours ago

Amazon Pumps Another $2.75 Billion Into Anthropic

Amazon completes its $4bn investment into AI firm Anthropic, after providing an additional $2.75bn in…

19 hours ago

The Sustainability of AI

While AI promises unparalleled efficiency, productivity, and innovation, questions regarding its environmental impact loom large.…

22 hours ago

Trump’s Truth Social Makes Successful Market Debut

Shares in Donald Trump’s social media company rose about 16 percent after first day of…

22 hours ago