Connect with us

Hajime malware is affecting the Internet of Things devices worldwide

CYBER SECURITY

Hajime malware is affecting the Internet of Things devices worldwide

Kaspersky Lab has published the results of its investigation into the activity of Hajime – a mysterious evolving Internet of Things (IoT) malware that builds a huge peer-to-peer botnet. The botnet has recently been propagating extensively, infecting multiple devices worldwide. To date, the network includes almost 300,000 malware-compromised devices, ready to work together, to perform the malware author’s instructions without their victims’ knowledge. Still, Hajime’s real purpose remains unknown.

Hajime, meaning ‘beginning’ in Japanese, showed its first signs of activity in October 2016. Since then, it has been evolving, developing new propagation techniques. The malware is building a huge peer-to-peer botnet – a decentralized group of compromised machines discreetly performing spam or DDoS attacks.

However, there is no attacking code or capability in Hajime – only a propagation module. Hajime, an advanced and stealthy family, uses different techniques – mainly brute-force attacks on device passwords – to infect devices, and then takes a number of steps to conceal itself from the compromised victim. Thus, the device becomes part of the botnet.

Hajime does not exclusively attack a specific type of device, but rather any device on the Internet. Nevertheless, malware authors are focusing their activities on some devices. Most of the targets have turned out to be Digital Video Recorders, followed by web-cameras and routers.

According to Kaspersky Lab researchers, however, Hajime avoids several networks, including those of General Electric, Hewlett-Packard, the US Postal Service, the United States Department of Defense, and a number of private networks.

Infections had primarily come from Vietnam (over 20%), Taiwan (almost 13%) and Brazil (around 9%) at the time of research.

Distribution of Hajime infectors by country

Distribution of Hajime infectors by country

 

Most of the compromised devices are located in Iran, Vietnam and Brazil.

hajime2

Distribution of infected devices by country

Overall, throughout the research period, Kaspersky Lab revealed at least 297,499 unique devices sharing the Hajime configuration.

“The most intriguing thing about Hajime is its purpose. While the botnet is getting bigger and bigger, its objective remains unknown. We have not seen its traces in any type of attack or additional malicious activity.. Nevertheless, we advise owners of IoT devices to change the password of their devices to one that’s difficult to brute force, and to update their firmware if possible,” said Konstantin Zykov, Senior Security Researcher, Kaspersky Lab.

Leave a comment

Nixon is a Trained Journalist interested in all things Tech & Business. Also a Public Relations (PR) person, Founder & Editor of TechTrendsKE. For pitches or story ideas, drop me an E-Mail at nickcanali@gmail.com or call +254 727 503 198.

Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

More in CYBER SECURITY

WATCH & SUBSCRIBE TO 24BIT TV

LISTEN TO OUR LATEST PODCAST ON 24BIT HERE

Latest News

Subscribe to our mailing list

* indicates required

Send us a Direct Message

To Top