Persirai malware – IP cameras all across the world compromised


Trend Micro has revealed that several malware families are targeting vulnerable IP cameras, as attackers build more sophisticated malware to counter the increasing security measures with which manufacturers are responding.

The four malware families

As you may remember, it was recently reported that malware named Persirai had been attacking numerous IP cameras with record-breaking distributed denial-of-service (DDoS) attacks in 2016.

Since then, three other malware families have emerged, each competing for space by blocking the others. According to Trend Micro’s blog post, these malware families are:

– DvrHelper

– Mirai

– The Moon

Each malware family, once in the system, prevents the others from entering the compromised device.

Credit: Trend Micro


Let us begin with Persirai, as it was the first in line to have launched a DDoS attack on quite a large scale. Essentially, the malware works by exploiting certain vulnerabilities in IP cameras that let an attacker get admin privileges and launch an attack accordingly.

The vulnerability lets an attacker obtain a victim’s admin password and use this to inject and command malware. Since the attacker already has access, they can easily execute arbitrary code to launch attacks.

Trend Micro reports that around 64% of IP cameras tracked in the US, Japan, Taiwan and Korea were infected by Persirai, putting it ahead of all other malware families.


Mirai is another interesting malware family with unique features, and it had already emerged in cyberspace before Persirai. It was discovered in August 2016 when it, too, launched one of the biggest DDoS attacks ever seen.

However, the developers of Mirai published its code in the wild, making it easier for other hackers and developers to improve upon the malware family.


It was not long after the code was published that attackers developed an enhanced version of Mirai. This time, DvrHelper came with better immunity against the security protocols built to restrain Mirai. This even included bypassing an anti-DDoS solution.

The Moon

Last but not least, The Moon appeared on the scene as far back as 2014, preceding all the other malware families mentioned above.

Trend Micro researchers identified newer versions of The Moon in which there are different binaries for different vulnerabilities. It also installs certain iptables rules that prevent any other malware from invading its space once it has launched itself on a specific machine.
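
Because this lock-out behaviour leaves firewall rules behind, a device's `iptables-save` output can be compared against a known-good baseline. The following is an added detection example, not code from Trend Micro or the original article; both rule dumps and all port numbers in it are constructed for illustration.

```python
import shlex

# Constructed baseline: the rules the device owner expects to see.
BASELINE = """\
*filter
:INPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 554 -j ACCEPT
COMMIT
"""

# Constructed capture from a suspect device; ports are illustrative only.
SUSPECT = """\
*filter
:INPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 554 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8081 -j DROP
-A INPUT -p tcp -m multiport --dports 8080,9000 -j REJECT --reject-with tcp-reset
COMMIT
"""

def parse_rules(dump):
    """Return the append rules of an iptables-save dump as (table, *tokens) tuples."""
    table, rules = None, set()
    for line in dump.splitlines():
        line = line.strip()
        if line.startswith("*"):        # table header, e.g. *filter
            table = line[1:]
        elif line.startswith("-A "):    # appended rule inside the current table
            rules.add((table, *shlex.split(line)))
    return rules

def blocked_ports(rule):
    """Ports closed by a DROP/REJECT rule, or [] if the rule does not block ports."""
    tokens = list(rule[1:])
    if "-j" not in tokens or tokens[tokens.index("-j") + 1] not in ("DROP", "REJECT"):
        return []
    for flag in ("--dport", "--dports"):
        if flag in tokens:
            return tokens[tokens.index(flag) + 1].split(",")
    return []

def unexpected_blocks(baseline, current):
    """Blocking rules present in current but absent from baseline: (table, chain, ports)."""
    new = parse_rules(current) - parse_rules(baseline)
    found = [(r[0], r[2], blocked_ports(r)) for r in new if blocked_ports(r)]
    return sorted(found)
```

Any rule this reports is a change nobody on the owner's side made, so it is worth investigating even when the device otherwise appears to work normally.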


According to Kenny Lu, Tim Yeh and Dove Chiu of Trend Micro:

“Looking at the data from infected devices from the United States, Japan, Taiwan and Korea, we see that Persirai is the clear frontrunner. However, the landscape is constantly changing and many vulnerable IP cameras are still exposed to the internet. With the success of these four families, other developers might be releasing their own IP camera-targeting malware and the results could be completely different very soon.”

How to protect yourself?

There is no denying that malware attacks have become pervasive to the extent that they are almost unrestrainable. Nonetheless, users can still protect their IP cameras by using stronger passwords and following best standards to create them.

But given that Persirai can easily crack such strong passwords, a more robust precaution is to disable any plug-and-play routers connected to your IP camera. Also, manufacturers need to be more careful with their software and regularly launch updates to provide better security.

