Friday, November 27, 18:09

Mirai Malware: Uses C&C server in Tor to prevent detection

Mirai is one of the most notorious malware families, targeting consumer and industrial appliances such as IP cameras and DVRs. Its goal is to gain full control of these devices. The malware exploits exposed ports, default credentials and various vulnerabilities, and then adds the devices to a botnet.

In the current attack, the researchers found that the attackers had placed a command and control (C&C) server on the Tor network. They had not seen this in any of the previous versions of Mirai.

Using Tor helps to avoid detection.

Trend Micro researchers discovered a sample with four C&C servers and 30 hard-coded IP addresses. The researchers isolated the sample in a sandbox environment and studied it.

After their analysis, the researchers confirmed that the attackers had indeed used the Tor network.

Infection procedure

The new version of Mirai scans TCP ports 9527 and 34567 to find unprotected IP cameras and DVRs that the attackers can then access remotely.

After scanning, the attackers use common or default credentials to log in to the discovered devices.
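A defender-side example, added here and not part of the original article, that turns the scanning step above into detection logic: it parses constructed firewall log lines (the log format, IP addresses and threshold are assumptions) and flags any source that probes several hosts on TCP 9527 or 34567, the sweep pattern described above.

```python
import re
from collections import defaultdict

# Ports this Mirai variant scans, as reported in the article.
MIRAI_SCAN_PORTS = {9527, 34567}

# Constructed sample firewall log lines (not from the article); the format is assumed.
SAMPLE_LOGS = """\
2020-11-27T17:58:01Z DENY TCP 198.51.100.7:41002 -> 192.0.2.10:9527
2020-11-27T17:58:01Z DENY TCP 198.51.100.7:41003 -> 192.0.2.11:9527
2020-11-27T17:58:02Z DENY TCP 198.51.100.7:41004 -> 192.0.2.12:34567
2020-11-27T17:58:02Z DENY TCP 198.51.100.7:41005 -> 192.0.2.13:34567
2020-11-27T17:58:03Z ALLOW TCP 203.0.113.5:51000 -> 192.0.2.20:443
2020-11-27T17:58:04Z DENY TCP 203.0.113.9:52000 -> 192.0.2.21:9527
"""

LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>ALLOW|DENY) TCP "
    r"(?P<src>\d+\.\d+\.\d+\.\d+):\d+ -> (?P<dst>\d+\.\d+\.\d+\.\d+):(?P<dport>\d+)$"
)


def parse_line(line):
    """Return (src_ip, dst_ip, dst_port) for a well-formed line, else None."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    return m.group("src"), m.group("dst"), int(m.group("dport"))


def find_mirai_scanners(log_text, min_targets=3):
    """Flag source IPs that probed at least `min_targets` distinct hosts on the
    Mirai scan ports. A single hit may be noise; a spread across hosts is a sweep."""
    targets = defaultdict(set)
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue  # skip malformed or unrelated lines rather than failing
        src, dst, dport = parsed
        if dport in MIRAI_SCAN_PORTS:
            targets[src].add(dst)
    return {src: sorted(hosts) for src, hosts in targets.items()
            if len(hosts) >= min_targets}


if __name__ == "__main__":
    for src, hosts in find_mirai_scanners(SAMPLE_LOGS).items():
        print(f"possible Mirai scanner {src}: probed {len(hosts)} hosts "
              f"on ports {sorted(MIRAI_SCAN_PORTS)}")
```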

Researchers at Trend Micro also observed a DDoS command sent from the C&C server, instructing the bots to launch a UDP flood attack against a specific IP address.

The attackers placed the C&C server on Tor to prevent its IP address from being tracked.

Researchers also discovered another distribution server. Apparently, the attackers designed the new version of Mirai to attack multiple networks. Experts recommend that home users and businesses update their systems and devices with the latest patches, replace default credentials with more complex and stronger passwords, and implement multi-factor authentication to avoid such attacks.



Absent Mia
