Vigilante Hacker Uses Hajime Malware to Fight with Mirai Botnets

An IoT malware strain named Hajime was found last October, and it appears to be the work of a vigilante who set out to take over and then neutralise as many smart devices as he can before other botnets like Mirai can attack them.

While Hajime was first observed last year, it only recently became apparent to researchers that the malware's maker had no malicious intentions for the infected devices.

When it was found last October, Hajime only had a self-replication module, which allowed it to spread from one IoT device to another through open, unsecured Telnet ports.

The researchers did not spot a single DDoS module, but that was not considered noteworthy at the time, as they had only just discovered the new threat; they regarded Hajime as in-development malware, one that could add DDoS capabilities once it matured.

Hajime becomes mature but never adds a DDoS module

That maturation did not take place, or at least not in the way the researchers had expected.

The initial Rapidity Networks report that unveiled Hajime’s presence to the world also detailed some bugs.

The author of the malware never added a DDoS feature, nor did he use his botnet to relay malicious traffic or carry out any other intrusive operation.

Hajime used to secure IoT devices

According to Grange, once Hajime infects a device it blocks access to ports 7547, 23, 5358, and 5555, all of which are ports that IoT malware has exploited in the past.
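A device owner should not rely on a worm to close those ports. The following added example (not code from the article or from Hajime) is a small inventory check that reports which of the four ports named above accept a TCP connection on a given host; the service labels in the comments are my own annotations, and the local demo uses ephemeral ports on 127.0.0.1 in place of a real device.

```python
import socket
from typing import Iterable, Set

# Ports the article says Hajime closes on an infected device.
# Service names are the editor's annotations, not from the article.
HAJIME_BLOCKED_PORTS = {
    23: "Telnet",
    7547: "TR-069 / CWMP remote management",
    5358: "WSDAPI (Web Services on Devices)",
    5555: "Android Debug Bridge",
}


def exposed_ports(host: str, ports: Iterable[int], timeout: float = 1.0) -> Set[int]:
    """Return the subset of `ports` on `host` that accept a TCP connection.

    Any of these ports reachable from the LAN is one that IoT malware could
    also reach, so the owner should close or firewall it.
    """
    open_ports = set()
    for port in ports:
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock:
            sock.settimeout(timeout)
            # connect_ex returns 0 on success instead of raising
            if sock.connect_ex((host, port)) == 0:
                open_ports.add(port)
    return open_ports


def audit_device(host: str, timeout: float = 1.0) -> dict:
    """Map each exposed Hajime-relevant port on `host` to its service label."""
    found = exposed_ports(host, HAJIME_BLOCKED_PORTS, timeout)
    return {p: HAJIME_BLOCKED_PORTS[p] for p in sorted(found)}


def demo_local() -> tuple:
    """Offline demo: one listening ephemeral port stands in for an exposed
    service, a second ephemeral port is left closed. Returns
    (listening_port_detected, closed_port_detected)."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    open_port = listener.getsockname()[1]
    probe = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    probe.bind(("127.0.0.1", 0))
    closed_port = probe.getsockname()[1]
    probe.close()  # released, so it is now a closed port
    try:
        result = exposed_ports("127.0.0.1", [open_port, closed_port], timeout=0.5)
    finally:
        listener.close()
    return (open_port in result, closed_port in result)


if __name__ == "__main__":
    print(demo_local())  # expected: (True, False)
```

For a real audit, call `audit_device("<device-ip>")` against a device you own from the same LAN segment.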

After that, Hajime contacts its C&C server and returns a cryptographically signed message once every ten minutes. The message, which is displayed on the device's terminal, reads:

Just a white hat, securing some systems.
Important messages will be signed like this!
Hajime Author.
Contact CLOSED
Stay sharp!

