The Mirai botnet is one of the most significant botnets to have ever been active, having hijacked over 500,000 IoT (Internet-of-Things) devices worldwide. With the boom of smart devices of all kinds, IoT botnets like the Mirai project are becoming more and more popular. Unfortunately, most IoT devices are very vulnerable to cyber attacks, and hackers were quick to spot this. Users often overlook the security of their IoT devices, use weak passwords, and fail to update their firmware regularly. All this contributes to the vulnerability of IoT devices to cyber crooks.
The code of the infamous Mirai Botnet is available online freely, and many cybercriminals have taken advantage of it. One of the newest projects based on the Mirai botnet is called Mukashi. So far, the reach of the Mukashi botnet is very limited. This is because the Mukashi botnet only targets NAS (Network Attached Storage) devices manufactured by the company Zyxel. To compromise and hijack the targeted devices, the Mukashi botnet utilizes a vulnerability called CVE-2020-9054. This vulnerability was present on over 100 million devices when it was spotted first. Since then, the Zyxel company has made sure to release a patch for the vulnerability. However, since many users do not apply regular updates to the software of their IoT devices, it is likely that there are still tens of thousands of devices that remain vulnerable. Even if a botnet is not looking for a specific vulnerability to exploit, it may try to obtain the login credentials via a brute-force attack.
The goal of the Mukashi botnet is to carry out DDoS (Distributed-Denial-of-Service) attacks against certain targets. The Mukashi botnet appears to utilize UDP and TCP protocols to execute the DDoS attacks.
If you have a Zyxel IoT device, make sure you apply the latest updates to its firmware to avoid falling victim to the Mukashi botnet.