Hajime botnet controls nearly 30,000 devices

Hajime, a mysterious IoT botnet, now controls almost 300,000 devices, according to a new report by Kaspersky Lab. The report also states that the botnet's true purpose is still unknown.

Kaspersky says the malware, whose name means "beginning" in Japanese, first appeared in October 2016. Since then it has evolved into a decentralized group of compromised machines that discretely perform either spam or DDoS attacks.

The interesting thing is Hajime does not have an attacking code or capability. It just has a propagation module. It attacks pretty much anything that's connected to the internet. However, it fancies digital video recorders, web-cameras and routers.

It also avoids certain networks: General Electric, Hewlett-Packard, the US Postal Service, the United States Department of Defense, and a number of private networks.

"The most intriguing thing about Hajime is its purpose. While the botnet is getting bigger and bigger, its objective remains unknown. We have not seen its traces in any type of attack or additional malicious activity. Nevertheless, we advise owners of IoT devices to change the password of their devices to one that’s difficult to brute force, and to update their firmware if possible," says Konstantin Zykov, senior security researcher, Kaspersky Lab.

The majority of infected machines reside in Vietnam (more than 20 percent), Taiwan (13 percent) and Brazil (nine percent). These numbers are likely to change as the botnet grows.

To learn more about Hajime, visit the Securelist website.

Published under license from ITProPortal.com, a Future plc Publication. All rights reserved.