EN
EN DE
EN
EN DE
Contact Us
Sign Up
Topics
Finance & insurance
Trade
Industry
IT & Consulting
Tourism
Transport
Law
Public

New Mirai Botnet Targets Industrial Routers

0
Share:

Security researchers warn of a new variant of the Mirai botnet. Attackers used it for zero-day exploits on industrial routers.

According to security analyses, the Gayfemboy botnet, based on the infamous Mirai malware, is currently spreading around the world. Researchers at Chainxin X Lab found that cybercriminals have been using the botnet to attack previously unknown vulnerabilities since November 2024. The botnet’s preferred targets include Four-Faith and Neterbit branded routers or smart home devices.

In this context, experts from VulnCheck reported at the end of December of a vulnerability in Four-Faith industrial routers (CVE-2024-12856) that was exploited in the wild. The attackers exploited the router’s default credentials to start a remote command injection.

In addition, the botnet has been used for targeted attacks on unknown vulnerabilities in Vimar Neterbit routers and smart home devices. According to Chainxin X Lab, Gayfemboy is used for a total of 20 vulnerabilities and weak telnet passwords. It has a brute force module for insecure telnet passwords, uses custom UPX packing with unique signatures, and implements Mirai-based command structures. This allows the attackers to update clients, scan networks and carry out DDoS attacks.

Targets

According to the researchers, the botnet has been attacking hundreds of targets every day since its discovery in February 2024. The number of daily active bot IPs is 15,000, most of which are located in China, the USA, Russia, Turkey and Iran. The targets of attacks are spread all over the world and affect different industries. The main targets are in China, the United States, Germany, the United Kingdom, and Singapore.

According to Chainxin X Lab, while the botnet’s DDoS attacks are short-lived (between 10 and 30 seconds), they have a high intensity, with the data rate exceeding 100 Gbps and can cause disruption even to robust infrastructures.

Devices at risk

According to the analysis, the botnet’s attacks target the following devices:

  • ASUS routers (via N-Day exploits).
  • Huawei routers (via CVE-2017-17215)
  • Neterbit router (custom exploit)
  • LB-Link router (via CVE-2023-26801)
  • Four-Faith Industrial Routers (via the zero-day now tracked as CVE-2024-12856)
  • PZT cameras (via CVE-2024-8956 and CVE-2024-8957 )
  • Kguard DVR
  • Lilin DVR (via remote code execution exploits)
  • Generic DVRs (using exploits such as TVT editBlackAndWhiteList RCE)
  • Vimar smart home devices (presumably exploiting an unknown vulnerability)
  • Various 5G/LTE devices (likely due to misconfigurations or weak credentials)

Source

Leave a Comment

Your email address will not be published. Required fields are marked *

loader-image
London, GB
12:36 am, Apr 20, 2025
weather icon 7°C
L: 6° | H: 9°
scattered clouds
Humidity: 80 %
Pressure: 1008 mb
Wind: 7 mph ENE
Wind Gust: 12 mph
UV Index: 0
Precipitation: 0 mm
Clouds: 32%
Rain Chance: 0%
Visibility: 10 km
Sunrise: 5:53 am
Sunset: 8:04 pm
DailyHourly
Daily ForecastHourly Forecast
Today 10:00 pm
weather icon
6° | 9°°C 0.23 mm 23% 10 mph 87 % 1008 mb 0 mm/h
Tomorrow 10:00 pm
weather icon
8° | 16°°C 0.41 mm 41% 9 mph 95 % 1014 mb 0 mm/h
Tue Apr 22 10:00 pm
weather icon
7° | 15°°C 1 mm 100% 7 mph 85 % 1022 mb 0 mm/h
Wed Apr 23 10:00 pm
weather icon
7° | 9°°C 1 mm 100% 8 mph 96 % 1024 mb 0 mm/h
Thu Apr 24 10:00 pm
weather icon
7° | 15°°C 0.8 mm 80% 7 mph 97 % 1027 mb 0 mm/h
Today 1:00 am
weather icon
7° | 8°°C 0 mm 0% 8 mph 80 % 1008 mb 0 mm/h
Today 4:00 am
weather icon
6° | 7°°C 0 mm 0% 8 mph 79 % 1008 mb 0 mm/h
Today 7:00 am
weather icon
7° | 8°°C 0 mm 0% 9 mph 79 % 1008 mb 0 mm/h
Today 10:00 am
weather icon
13° | 13°°C 0 mm 0% 9 mph 69 % 1007 mb 0 mm/h
Today 1:00 pm
weather icon
15° | 15°°C 0 mm 0% 10 mph 60 % 1007 mb 0 mm/h
Today 4:00 pm
weather icon
13° | 13°°C 0.23 mm 23% 7 mph 75 % 1006 mb 0 mm/h
Today 7:00 pm
weather icon
12° | 12°°C 0 mm 0% 6 mph 80 % 1007 mb 0 mm/h
Today 10:00 pm
weather icon
10° | 10°°C 0 mm 0% 4 mph 87 % 1008 mb 0 mm/h
Weather from OpenWeatherMap
Name Price24H (%)
Bitcoin(BTC)
€74,858.36
0.86%
Ethereum(ETH)
€1,420.55
1.70%
Tether(USDT)
€0.88
0.00%
XRP(XRP)
€1.83
1.05%
Solana(SOL)
€122.44
4.29%
USDC(USDC)
€0.88
0.00%
Dogecoin(DOGE)
€0.138176
-0.29%
Shiba Inu(SHIB)
€0.000011
0.73%
Pepe(PEPE)
€0.000007
3.83%
Risikomonitor
Know and monitor IT vulnerabilities with just one click before it is too late.

Utility link

Useful link

Newsletter

Follow Us

Facebook Twitter Youtube Linkedin

© 2025 risikomonitor.com gmbh

Scroll to Top