The Mozi malware mainly targets home routers and DVRs that are unpatched, loosely configured or protected only by weak or default telnet credentials. “It consists of source code from Gafgyt, Mirai, and IoT Reaper; malware families which are targeting IoT devices. Mozi could compromise embedded Linux devices with an exposed telnet. The infected devices form a peer-to-peer (P2P) botnet and use a distributed hash table (DHT) to communicate with other infected host systems,” said CERT-In in its advisory.
Affected devices include Eir D1000 Router, Vacron NVR devices, devices using the Realtek SDK, Netgear R7000 and R6400, DGN1000 Netgear routers, MVPower DVR, Huawei Router HG532, D-Link devices, GPON routers and others.
CERT-In is advising users to update their devices with patches as and when they are released by the respective device OEMs. If a device is found to be infected, it is recommended to reset the device firmware or restore it from a trusted backup. “Monitor or block UDP traffic from the device to BitTorrent DHT bootstrap nodes. Block outgoing TCP traffic with destination ports 22, 23, 2323, 80, 81, 5555, 7574, 8080, 8443, 37215, 49152, and 52 ..
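The monitoring half of that advice can be run over flow logs. The following is an added example, not code from CERT-In or the original article: it flags devices in an IoT segment that open TCP connections to the advisory's ports on several distinct external hosts. The flow-record format, the address ranges, the threshold and the sample records are assumptions constructed for illustration, and the last port in the list is omitted because it is truncated on the page.

```python
import ipaddress
from collections import defaultdict

# TCP destination ports named in the advisory text; the final entry is
# truncated on the page ("52 ..") and is deliberately left out.
ADVISORY_TCP_PORTS = {22, 23, 2323, 80, 81, 5555, 7574, 8080, 8443, 37215, 49152}

# Assumptions for this example: site LAN range, IoT segment, fan-out threshold.
LAN_NET = ipaddress.ip_network("192.168.0.0/16")
IOT_NET = ipaddress.ip_network("192.168.50.0/24")
FANOUT_THRESHOLD = 3  # distinct external hosts before a device is flagged

# Constructed flow records: "<proto> <src> <dst> <dst_port>"
SAMPLE_FLOWS = [
    "tcp 192.168.50.10 203.0.113.5 23",
    "tcp 192.168.50.10 203.0.113.6 2323",
    "tcp 192.168.50.10 198.51.100.7 37215",
    "tcp 192.168.50.10 192.168.1.2 23",    # internal destination, ignored
    "tcp 192.168.50.20 203.0.113.9 443",   # port not in the advisory list
    "tcp 192.168.50.20 203.0.113.9 80",    # one external host, under threshold
    "udp 192.168.50.20 203.0.113.9 6881",  # UDP is outside this TCP check
    "tcp 192.168.1.30 203.0.113.5 23",     # source is not in the IoT segment
]

def suspicious_devices(flows, threshold=FANOUT_THRESHOLD):
    """Map each IoT device to the sorted (dst, port) pairs it contacted, keeping
    only devices that reached >= threshold distinct external hosts."""
    hits = defaultdict(set)
    for line in flows:
        proto, src, dst, dport = line.split()
        port = int(dport)
        if proto != "tcp" or port not in ADVISORY_TCP_PORTS:
            continue
        src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        if src_ip in IOT_NET and dst_ip not in LAN_NET:
            hits[src].add((dst, port))
    return {
        dev: sorted(targets)
        for dev, targets in hits.items()
        if len({dst for dst, _ in targets}) >= threshold
    }

if __name__ == "__main__":
    for device, targets in suspicious_devices(SAMPLE_FLOWS).items():
        print(device, targets)
```

A flagged device is a candidate for the firmware reset or trusted-backup restore the advisory recommends; the UDP DHT traffic it mentions needs a separate check, since the bootstrap nodes are not listed on this page.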