Hajime malware is affecting the Internet of Things devices worldwide


Kaspersky Lab has published the results of its investigation into the activity of Hajime – a mysterious evolving Internet of Things (IoT) malware that builds a huge peer-to-peer botnet. The botnet has recently been propagating extensively, infecting multiple devices worldwide. To date, the network includes almost 300,000 malware-compromised devices, ready to work together, to perform the malware author’s instructions without their victims’ knowledge. Still, Hajime’s real purpose remains unknown.

Hajime, meaning ‘beginning’ in Japanese, showed its first signs of activity in October 2016. Since then, it has been evolving, developing new propagation techniques. The malware is building a huge peer-to-peer botnet – a decentralized group of compromised machines discreetly performing spam or DDoS attacks.

However, there is no attacking code or capability in Hajime – only a propagation module. Hajime, an advanced and stealthy family, uses different techniques – mainly brute-force attacks on device passwords – to infect devices, and then takes a number of steps to conceal itself from the compromised victim. Thus, the device becomes part of the botnet.

Hajime does not exclusively attack a specific type of device, but rather any device on the Internet. Nevertheless, malware authors are focusing their activities on some devices. Most of the targets have turned out to be Digital Video Recorders, followed by web-cameras and routers.

According to Kaspersky Lab researchers, however, Hajime avoids several networks, including those of General Electric, Hewlett-Packard, the US Postal Service, the United States Department of Defense, and a number of private networks.

Infections had primarily come from Vietnam (over 20%), Taiwan (almost 13%) and Brazil (around 9%) at the time of research.

Distribution of Hajime infectors by country
Distribution of Hajime infectors by country

 

Most of the compromised devices are located in Iran, Vietnam and Brazil.

hajime2
Distribution of infected devices by country

Overall, throughout the research period, Kaspersky Lab revealed at least 297,499 unique devices sharing the Hajime configuration.

“The most intriguing thing about Hajime is its purpose. While the botnet is getting bigger and bigger, its objective remains unknown. We have not seen its traces in any type of attack or additional malicious activity.. Nevertheless, we advise owners of IoT devices to change the password of their devices to one that’s difficult to brute force, and to update their firmware if possible,” said Konstantin Zykov, Senior Security Researcher, Kaspersky Lab.

Facebook Comments

TECHTRENDS PODCAST

By Nixon Kanali

Tech journalist based in Nairobi. I track and report on tech and African startups. Founder and Editor of TechTrends Media. Nixon is also the East African tech editor for Africa Business Communities. Send tips to kanali@techtrendsmedia.co.ke.

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button