Cryptominer Archives

GeoVision Devices Vulnerability Exploited by Botnet Malware

Cryptominer, firewall, GeoVision, Legacy devices, Legacy Software, Mirai botnet, Ophtek, patches, security measures, Updatescryptomining, GeoVision, legacy devices, legacy software, Mirai botnet, OphtekOphtek, LLC

Dec 2024

No software, as GeoVision has recently discovered, is 100% secure from malware, with many applications left exposed by vulnerabilities within their coding.

GeoVision develops and manufactures advanced video surveillance hardware along with the appropriate software for running it. From IP cameras through to eyeball and dome cameras, GeoVision promises to offer state-of-the-art surveillance to strengthen your security. Unfortunately, the discovery of a vulnerability within their software has demonstrated that their products are fa r from the definition of secure.

Let’s dive into what’s happened and the lessons we can take away.

Mirai Malware Strikes at the Heart of GeoVision

Legacy devices, those which are at their end-of-life stage, suffer from security problems due to a lack of updates. Once a product has reached this stage of their lifespan, developers feel it’s uneconomical to continue providing software updates and patches. The best option for consumers is to upgrade to the latest model to ensure their devices remain safe. But many consumers decide, instead, to save a few dollars and continue with their legacy products. And this is when vulnerabilities rear their ugly head.

A vulnerability has been detected in numerous GeoVisions devices – video servers, compact digital video recorders and Linux systems – which allows threat actors to run system commands on the affected devices. Not all vulnerabilities are exploited, but this one – known as CVE-2024-11120 – has already been taken advantage of. Most notably, the Mirai botnet has been detected as active on infected systems. Mirai, typically, is used to facilitate botnet attacks or carry out cryptomining activities – both of which lead to a drop in performance for affected systems.

Close to 17,000 GeoVision devices are at risk of being exploited, with close to half of these being located in the US. Potentially, threat actors could compromise crucial security devices and have a major impact on the security of businesses and their employees. At present, due to the affected devices falling under the end-of-life classification, GeoVision has not announced any plans to update the software running on them.

Navigating the Risks of Exploited Software

All hardware and software reaches a legacy status at some point, and it’s important that your business knows how to approach this. And even the most up-to-date products still require close attention to remain secure. Therefore, make sure you implement the following to keep your IT systems safe:

Install all Updates and Patches: One of your main priorities should be to regularly install all software updates to minimize the risk of vulnerabilities being exploited. These updates can easily be automated and ensure your systems are kept as secure as possible.
Conduct Regular Security Audits: It makes sense to carry out regular security audits to evaluate how secure your IT systems are. This could involve verifying that all default passwords are changed, making sure that your employees receive regular security refreshers, and monitoring network activity for unusual patterns.
Carry Out Basic Security Measures: The simplest methods are often the most effective against malware, so you need to be sure the basics are taken care of. This can range from installing firewalls and security suites on your infrastructure through to partitioning networks and limiting user privileges across your network.

For more ways to secure and optimize your business technology, contact y our local IT professionals.

YouTube Channels Are Being Used to Spread Malware

Cryptominer, malicious videos, malware, NirCmd, Ophtek, redline stealer, YouTubeCryptominer, malicious videos, malware, NirCmd, Ophtek, redline, youtubeOphtek, LLC

Oct 2022

Following the discovering of a malware campaign spreading through YouTube channels, it appears that no corner of the internet is immune from hackers.

It’s increasingly common for businesses to run a YouTube channel as part of their marketing efforts, with over 60% of businesses regularly uploading videos. And with YouTube regularly attracting 5 billion daily video views, you can see why it’s an attractive target for threat actors. Thankfully, you can’t be hacked simply by watching a video on YouTube. However, you do need to consider the legitimacy of each video’s content and, more importantly, how safe the embedded links within these videos are.

How Does YouTube Spread Malware?

This latest threat to online safety appears, at present, to be concentrating on YouTube gaming channels, with a specific focus on those which cover games including Final Fantasy, FIFA and Spider-Man. The malware involved is what’s known as a malware bundle i.e. it contains several different strains of malware, with RedLine being the most dominant piece of malware.

The malware spreads through YouTube by uploading malicious videos to infected channels. These malicious videos may appear to be on-brand with the channel e.g. links to cheats for FIFA, but the payload will actually be the same malware which has infected the channel. Therefore, this malware bundle can spread through numerous niche-specific channels by using the same content.

What Does the Malware Bundle Do?

The malware contained within this attack comprises several different attack methods:

RedLine: the most substantial piece of malware found in the attack, RedLine harvests confidential data from those it infects e.g. downloading login credentials, accessing cryptocurrency wallets and extracting data entered into web browsers.

NirCmd: this application is, in fact, a genuine piece of software, but it’s one which provides the threat actors with a layer of stealth. Once activated, NirCmd conceals the activities of the malware it’s bundled with and makes the attack difficult to identify.

Cryptominer: interestingly, a cryptominer which hijacks the resources of the victim’s graphics card is also included. This is considered interesting as the attack targets gamers, a demographic who are likely to possess powerful graphics cards.

Staying Safe on YouTube

YouTube is a crucial asset in the business world, but this recent attack demonstrates it also carries security risks. Your organization may not run a gaming channel, but it’s likely this template will soon be replicated in other niches. Accordingly, it’s essential that you follow these two important practices:

Doublecheck links: when viewing videos on YouTube, it’s vital that you treat their links in the same way you would in an email. Always hover your mouse over any links (and that includes those in the video description) to reveal the true destination, copy and paste links into Google to highlight any existing concerns and, finally, ask an IT professional to verify them before clicking.
Regularly check your video library: if your organization hosts a YouTube channel, it’s recommended you keep an eye on the videos uploaded to it. The sudden appearance of videos you have no record of uploading may be the only indicator you have that your channel has been hacked.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Category Archives: Cryptominer