Malware Code Behind Satori Made Freely Available on the Internet by Hackers


Hackers have released working exploit code for a zero-day vulnerability in a Huawei router model. The working code was released for free on Pastebin, according to security researchers. Researchers from the security firm NewSky Security said that the code targets CVE-2017-17215, a vulnerability in Huawei HG532 devices. The flaw has already been used in other attacks, including the Satori and Brickerbot attacks.

Satori was used to hijack thousands of IoT devices. Satori, which means "the awakening" in Japanese, was also used to hijack more than 280,000 IP addresses last year. Brickerbot was also used last year, in Permanent Denial of Service attacks that cyber attackers used to destroy IoT devices.

The public release of the working code means that other hackers can now easily take advantage of the flaw, the security researchers warned. Other cyber attackers will attempt to use the code to do their own harm against IoT devices in the future. The researchers believe that hackers will probably carry out devastating Permanent Denial of Service attacks.

The flaw was first discovered by the security firm Check Point, which made the discovery after a zero-day attack by the Satori malware last year. The firm then reported the matter to Huawei discreetly so that the vendor could provide a fix.

The principal researcher at NewSky Security, Ankit Anubhav, wrote in a blog post that the proof of concept had not been made public so that attackers could not exploit it. However, with the working code now released publicly by the hackers, more attacks by copy-paste botnet masters and script kiddies would be expected.

The security firm added that it had found the same exploit in use in the Brickerbot malware attack that happened in December. This clearly shows that the malware has been in cyber attackers' hands for a while now. NewSky Security did not publish the link to where the working code was released, so as to minimize the damage that might be caused.

Thankfully, Huawei has also released a security patch which will be able to protect its devices from the remote code execution flaw.

A Huawei security alert read, “An authenticated attacker could send malicious packets to port 37125 to launch attacks.” A successful exploit could lead to the execution of arbitrary code, it continued.

NewSky Security added that it took cyber attackers less time to use IoT exploits once they became freely available. Attackers could easily add them to the arsenal in their botnet code in no time.