A new Internet of Things (IoT) threat has been uncovered by security firm Trend Micro.
Dubbed Persirai, it has reportedly been infecting particular Chinese-made wireless cameras for around a month, according to Trend.
What's more, owners of affected cameras are unlikely to know that they have been affected, which the security firm says "makes it significantly easier for the perpetrators behind the malware to gain access to the IP Camera web interface via TCP Port 81".
It continues: "IP cameras typically use Universal Plug and Play (UPnP), which are network protocols that allow devices to open a port on the router and act like a server, making them highly visible targets for IoT malware," warned the researchers.
Once a hacker logs into the interface, he or she can then carry out a command to force the IP camera to connect to a download site to download and execute malicious shell scripts. After the samples are downloaded, the Persirai malware deletes itself and runs only in memory.
"After receiving commands from the server, the IP camera will then start automatically attacking other IP cameras by exploiting a zero-day vulnerability that was made public a few months ago," Trend Micro notes.
"Attackers exploiting this vulnerability will be able to get the password file from the user, providing them the means to do command injections regardless of password strength."
Trend Micro warns that owners of a Chinese-made wireless camera should be on guard and should make sure that they are not using the default password.
However, the real problem is the maker of these cameras, the security firm adds.
"The burden of IoT security does not rest on the user alone — it's also dependent on the vendors themselves, as they should be the ones responsible for making sure that their devices are secure and always updated," Trend Micro concludes.
Australian government to require technology and communications companies to provide access to messages
New bill avoids demanding 'backdoors' in encryption, but includes measures to compel companies to provide access to encrypted communications
Indonesian overclocker Ivan Cupa (with the aid of a lot of liquid nitrogen) achieves record overclock on AMD's latest Threadripper
Ssupermassive black hole is so big it corresponds to four per cent of the galaxy's total mass
Imminent attack will target a single bank with cloned cards used to fraudulently withdraw millions over one weekend