A hacker has released the working code for Satori malware over the holiday season as a freebie for cyberattackers seeking to target Huawei devices or bolster botnets.
According to NewSky Security principal researcher Ankit Anubhav, the malware’s code was released on Pastebin over the holiday season.
Satori, named after the Japanese word for “awakening,” is nothing new, but it recently hit the headlines after a variant of the malware was used to create a series of strong botnets built on the code of the more infamous Mirai IoT botnet.
While Mirai variants generally scan IoT devices for weaknesses and the use of default credentials, Satori exploits known vulnerabilities in Huawei devices, including CVE-2017-17215.
The malware has already been weaponized in the Satori and Brickerbot botnets, and according to NewSky Security, the release of working code for Satori is likely to result in copy-paste botnet creators and script kiddies taking advantage.
CVE-2017-17215 is a vulnerability present in Huawei HG532 home routers. The bug was due to a poorly-implemented local network configuration which allowed attackers to exploit a device and remotely execute code, including delivering the Satori malware payload.
Products that are not patched remain vulnerable to this exploit and may end up enslaved in new botnets.
“IoT attacks are becoming modular day by day,” the researchers say. “When an IoT exploit becomes freely available, it hardly takes much time for threat actors to up their arsenal and implement the exploit as one of the attack vectors in their botnet code.”
Check Point researchers believe a threat actor called “Nexus Zeta,” who in a relatively recent Hack Forums post expressed interest in Mirai botnet compiling, is behind the code, although there is no current connection to the release.
Mirai’s record-breaking botnet, which launched devastating distributed denial-of-service (DDoS) attacks on websites, social media platforms, and bank networks, among others, has shown us how powerful botnets can be, and all it takes to neuter them is for us to patch our home devices.