- TBK DVRs and Four-Faith routers carry known security flaws
- The flaws were used to build the Mirai botnet in the past and are now being used to build Rondodox too
- Users are advised to patch, firewall or replace vulnerable endpoints
A new malicious botnet, called Rondodox, is being built right now and could target thousands of devices worldwide.
Cybersecurity researchers from Fortinet's FortiGuard Labs said they saw several vulnerabilities in various digital video recorders (DVRs) and routers being exploited to build the botnet.
The vulnerabilities in question are tracked as CVE-2024-3721 and CVE-2024-12856. They were found in the TBK DVR-4104 and DVR-4216 digital video recorders, as well as in the Four-Faith F3X24 and F3X36 routers.
Defend your endpoints
According to BleepingComputer, the flaws have already been exploited by threat actors building the infamous Mirai botnet. They are popular with cybercriminals because these devices are often deployed in retail stores, warehouses, small offices and similar places, where "they often go unpatched for years".
As such, they are prime targets: easy to compromise and left running for years without patches or updates.
Cybercriminals love to build botnets. A network of compromised devices, from routers to smart home devices, can be used for all kinds of harmful activity, from distributed denial-of-service (DDoS) attacks to residential proxy services that are rented out.
In fact, Rondodox appears to be used for stealthy proxies, hiding command-and-control (C2) traffic for even more malicious activity. It is also used to run fraud schemes or to amplify DDoS-for-hire campaigns.
It is also quite good at staying hidden, the researchers say, by spoofing game traffic.
“To evade detection, it disguises malicious traffic by emulating popular games and platforms such as Valve, Minecraft, Dark and Darker, Roblox, DayZ, Fortnite, GTA, as well as tools like Discord, OpenVPN, WireGuard and RakNet,” Fortinet said.
“Beyond game and chat protocols, Rondodox can also mimic custom traffic from real-time tunneling and communication services, including WireGuard, OpenVPN variants (for example, OpenVPNAUTH, OpenVPNCRYPT, OpenVPNTCP), STUN, DTLS and RTC.”
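Protocol mimicry of this kind is much less effective against a defender who baselines traffic by asset class: a DVR or a branch router has no legitimate reason to originate WireGuard, OpenVPN, STUN or game-server flows. The script below is an added example, not code from the article or from Fortinet; it runs over a constructed flow log and flags embedded devices that start connections resembling the mimicked services. The asset inventory, the flow-log format and the port-to-service mapping (based on the services' well-known default ports) are all assumptions made for the example.

```python
"""Added example: flag DVRs/routers that originate flows resembling the
game/VPN protocols the botnet is reported to imitate. Not from the article."""
from collections import defaultdict

# Constructed asset inventory (IP -> device class). In practice this would come
# from an asset database, DHCP fingerprinting or switch-port documentation.
ASSETS = {
    "10.0.20.11": "dvr",
    "10.0.20.12": "dvr",
    "10.0.1.1": "router",
    "10.0.30.50": "workstation",
}

# Assumed mapping from (destination port, transport) to the service whose
# traffic is being imitated, based on each service's default port.
MIMICKED_SERVICES = {
    (51820, "udp"): "wireguard",
    (1194, "udp"): "openvpn",
    (1194, "tcp"): "openvpn",
    (3478, "udp"): "stun",
    (25565, "tcp"): "minecraft",
    (27015, "udp"): "valve",
    (19132, "udp"): "raknet",  # RakNet as used by Minecraft Bedrock
}

# Device classes that should never originate these protocols.
EMBEDDED_CLASSES = {"dvr", "router"}

# Constructed flow log: "timestamp src dst dport proto bytes".
SAMPLE_FLOWS = """
# ts src dst dport proto bytes
2025-10-08T10:00:01Z 10.0.20.11 203.0.113.10 51820 udp 4120
2025-10-08T10:00:05Z 10.0.20.11 203.0.113.10 25565 tcp 980
2025-10-08T10:00:09Z 10.0.30.50 203.0.113.77 25565 tcp 15000
2025-10-08T10:01:00Z 10.0.1.1 198.51.100.5 1194 udp 2200
2025-10-08T10:01:30Z 10.0.20.12 198.51.100.9 443 tcp 600
2025-10-08T10:02:00Z 10.0.20.11 203.0.113.10 3478 udp 300
"""


def parse_flow(line):
    """Parse one whitespace-separated flow record into a dict."""
    ts, src, dst, dport, proto, nbytes = line.split()
    return {"ts": ts, "src": src, "dst": dst, "dport": int(dport),
            "proto": proto.lower(), "bytes": int(nbytes)}


def find_suspicious(lines):
    """Return one alert per flow where an embedded device (per ASSETS)
    originates traffic to a port/transport of a mimicked service."""
    alerts = []
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        flow = parse_flow(line)
        if ASSETS.get(flow["src"]) not in EMBEDDED_CLASSES:
            continue  # workstations may legitimately play games or use VPNs
        service = MIMICKED_SERVICES.get((flow["dport"], flow["proto"]))
        if service:
            alerts.append({"ts": flow["ts"], "src": flow["src"],
                           "dst": flow["dst"], "service": service})
    return alerts


def summarize(alerts):
    """Group alerts by source; a device touching several distinct mimicked
    services is a stronger signal than a single odd flow."""
    by_src = defaultdict(set)
    for a in alerts:
        by_src[a["src"]].add(a["service"])
    return {src: sorted(services) for src, services in by_src.items()}


if __name__ == "__main__":
    found = find_suspicious(SAMPLE_FLOWS.splitlines())
    for src, services in summarize(found).items():
        print(f"{src} ({ASSETS[src]}): mimicked services -> {', '.join(services)}")
```

The workstation's Minecraft flow and the DVR's plain HTTPS flow are deliberately left unflagged; the point is that an embedded device's behaviour, not the protocol it imitates, is the anomaly worth alerting on.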
As usual, to defend against these threats, users should make sure their routers and DVRs are running up-to-date firmware and protected by strong, unique passwords. Devices that are no longer supported by their vendors should be replaced with newer models. In addition, where possible, the devices should be disconnected from the public internet or placed behind a firewall.
Via The Hacker News