A new version of the infamous Mirai botnet is exploiting a recently
uncovered critical vulnerability in network-attached storage (NAS)
devices in an attempt to remotely infect and control vulnerable
machines. Called "Mukashi,"
the new variant of the malware employs brute-force attacks using
different combinations of default credentials to log into Zyxel
NAS, UTM, ATP, and VPN firewall products to take control of the devices
and add them to a network of infected bots that can be used to carry out
Distributed Denial of Service (DDoS) attacks.
Multiple Zyxel NAS products running firmware versions up to 5.21 are
vulnerable to the compromise, Palo Alto Networks' Unit 42 global threat
intelligence team said, adding they uncovered the first such
exploitation of the flaw in the wild on March 12.