Between February and March 2022, a variant of the Mirai botnet known as Beastmode exploited newly reported vulnerabilities in TOTOLINK routers to infect unpatched devices and potentially expand its reach.
“The Beastmode (aka B3astmode) Mirai-based DDoS campaign has aggressively updated its arsenal of exploits,” Fortinet’s FortiGuard Labs Research team said. “Five new exploits were added within a month, with three targeting various models of TOTOLINK routers.”
Other flaws exploited by Beastmode include those in the TP-Link Tapo C200 IP camera (CVE-2021-4045, CVSS score: 9.8), Huawei HG532 routers (CVE-2017-17215, CVSS score: 8.8), video surveillance solutions from NUUO and Netgear (CVE-2016-5674, CVSS score: 9.8), and discontinued D-Link products (CVE-2021-45382, CVSS score: 9.8).
Users are strongly advised to update their devices to the latest firmware to avoid being taken over by the botnet.
“Even though the original Mirai author was arrested in fall 2018, [the latest campaign] highlights how threat actors, such as those behind the Beastmode campaign, continue to rapidly incorporate newly published exploit code to infect unpatched devices using the Mirai malware,” the researchers said.