
Ttint Is a New IoT Malware Targeting Tenda Routers

Silviu STAHIE

October 06, 2020


Security researchers have identified a new Mirai-based IoT malware infecting the Tenda AC15 AC1900 router by using recently revealed 0-day vulnerabilities.

Commercial routers have numerous security problems. Lack of support is one of them, with manufacturers rarely releasing firmware updates. A recent study showed that, on average, routers receive a security update once a year, but it can take even longer.

Security researchers from 360Netlab discovered a new Remote Access Trojan (RAT) based on Mirai, the infamous botnet that wreaked havoc in 2016. Since then, numerous other malware families have reused Mirai code, including the recently uncovered Ttint.

“The conventional Mirai variants normally focus on DDoS, but this variant is different,” say the researchers. “In addition to DDoS attacks, it implements 12 remote access functions such as Socket5 proxy for router devices, tampering with router DNS, setting iptables, executing custom system commands,” they continue.

Its developer also used the WSS (WebSocket over TLS) protocol to communicate with the command-and-control server, allowing the malware to evade inspection that looks for typical Mirai traffic.

Two different Tenda 0-day vulnerabilities (CVE-2018-14558 and CVE-2020-10987) helped the attackers deploy their malware successfully. The timeline shows that threat actors knew about the vulnerabilities before they were disclosed: the first signs were detected on November 9, 2019, while the official disclosure of the vulnerability came on July 10, 2020.

Criminals had more than six months to infect Tenda routers, but the company has yet to respond to the researchers, let alone release an update. Such botnets only work because router manufacturers don’t fix vulnerabilities, even for devices that are still supported.

Tenda AC15 AC1900 is the affected router, and the only available mitigation is to reboot the device, though that doesn’t guarantee it won’t be infected again.
