A new Internet of Things (IoT) threat has been uncovered by security firm Trend Micro.
Dubbed Persirai, it has reportedly been infecting particular Chinese-made wireless cameras for around a month, according to Trend.
What's more, owners of affected cameras are unlikely to know that they have been affected, which the security firm says "makes it significantly easier for the perpetrators behind the malware to gain access to the IP Camera web interface via TCP Port 81".
It continues: "IP cameras typically use Universal Plug and Play (UPnP), which are network protocols that allow devices to open a port on the router and act like a server, making them highly visible targets for IoT malware," warned the researchers.
Once a hacker logs into the interface, he or she can then carry out a command to force the IP camera to connect to a download site to download and execute malicious shell scripts. After the samples are downloaded, the Persirai malware deletes itself and runs only in memory.
"After receiving commands from the server, the IP camera will then start automatically attacking other IP cameras by exploiting a zero-day vulnerability that was made public a few months ago," Trend Micro notes.
"Attackers exploiting this vulnerability will be able to get the password file from the user, providing them the means to do command injections regardless of password strength."
Trend Micro warns that owners of a Chinese-made wireless camera should be on guard and should make sure that they are not using the default password.
However, the real problem is the maker of these cameras, the security firm adds.
"The burden of IoT security does not rest on the user alone — it's also dependent on the vendors themselves, as they should be the ones responsible for making sure that their devices are secure and always updated," Trend Micro concludes.
Open source solutions provider makes acquisition in bid to shore up cloud development tools business
Aims to "end data bottlenecks"
Looking to boost your career in IT? Here are the best-earning roles out there!
The BlackBerry KeyOne is a strange device that brings the best of BlackBerry and Android together in a Qwerty-equipped package, but it won't be for everyone