Hajime is becoming quite the botnet, and it would be dangerous if the hacker decided to flip it to the dark side

Apr 27, 2017 21:46 GMT

Hajime, the IoT worm that's supposedly trying to block rival botnets, including the famous and mighty Mirai, has reportedly compromised some 300,000 devices already. 

The data comes from Kaspersky Lab, and it shows the impressive magnitude of this worm that was apparently built by a vigilante white hat. The rapidly spreading IoT worm fights against the likes of Mirai for control of the devices, closing off some ports that Mirai normally exploits.

While this is great news, it's still a worrying fact that such a worm is spreading so fast because the code allows the creator to change its purpose quite easily. This means the hacker has the ability to go from white hat to black hat without too much trouble.

Hajime takes advantage of security flaws in IoT devices that have not had their username and password combinations changed from the factory default.

Hajime's history

Hajime was first discovered back in October 2016 by Rapidity Networks, but it has only attracted attention recently as it started spreading faster and faster. It seems the Hajime worm infects a lot of DVRs, webcams, and routers right now.

Most of the infections seem to have happened in Vietnam, Taiwan, and Brazil, with the three countries making up over 40% of the affected devices.

Hajime seems to be more resilient than Mirai, security researchers say, mostly due to the fact that some of its features, like the peer-to-peer control network and the hidden processes, make it harder to interfere with the operation.

As mentioned, there is currently no attacking code or capability in Hajime, but that does not mean it cannot be altered.

"The most intriguing thing about Hajime is its purpose. While the botnet is getting bigger and bigger, its objective remains unknown. We have not seen its traces in any type of attack or additional malicious activity. Nevertheless, we advise owners of IoT devices to change the password of their devices to one that's difficult to brute force, and to update their firmware if possible," advised Konstantin Zykov, senior security researcher at Kaspersky Lab.

Hajime is certainly something that we all need to keep an eye on. Whether it manages to "save" the IoT industry or flips to the dark side, it's worth tracking.