- Kaspersky warns that multiple DVR devices are being targeted with malware
- The malware assimilates devices into a botnet, granting DDoS and proxy capabilities
- The victims are scattered worldwide, and it seems that there is no patch

If you are using a TBK DVR-4104, DVR-4216, or any digital video recording device that uses these models as a base, you may want to monitor your hardware, because it is being actively hunted.
Kaspersky’s cybersecurity researchers say they have seen a year-old vulnerability in these devices being abused to expand the dreaded Mirai botnet.
In April 2024, security researchers found a command injection flaw in the aforementioned devices. According to the NVD, the flaw is tracked as CVE-2024-3721 and was given a severity score of 6.3/10 (medium). It can be triggered remotely and gives attackers total control over the vulnerable endpoint. Shortly after the discovery, a proof-of-concept (PoC) exploit for the flaw also became available.
Victims from all over the world
Now, a year later, Kaspersky says it has seen this same flaw being used to expand the Mirai botnet. The attackers are using the bug to drop ARM32 malware that assimilates the device and gives the botnet's owners the ability to run distributed denial-of-service (DDoS) attacks, proxy malicious traffic, and more.
Most of the victims that Kaspersky is seeing are in China, India, Egypt, Ukraine, Russia, Türkiye and Brazil. However, as a Russian company, Kaspersky’s products are prohibited in many Western countries, so its analysis could be somewhat biased.
The number of potentially vulnerable devices was more than 110,000 in 2024, and since then it has fallen to around 50,000. While it is definitely an improvement, it still means that the attack surface is quite large.
In general, when a vulnerability like this is discovered, a patch soon follows. However, multiple media sources claim that it is “unclear” whether the devices' maker, TBK Vision, has fixed the bug.
CyberInsider reports that multiple third-party brands use these devices as a basis for their models, further complicating the availability of patches, and claims that “it is very likely that for most there is no patch.”
Some of the brands are Novo, Cenova, Qsee, Pulnix, XVR 5 in 1, Securus, Night Owl, DVR Login and others.
Via BleepingComputer