A new Internet of Things (IoT) threat has been uncovered by security firm Trend Micro.
Dubbed Persirai, it has reportedly been infecting particular Chinese-made wireless cameras for around a month, according to Trend.
What's more, owners of affected cameras are unlikely to know that they have been affected, which the security firm says "makes it significantly easier for the perpetrators behind the malware to gain access to the IP Camera web interface via TCP Port 81".
It continues: "IP cameras typically use Universal Plug and Play (UPnP), which are network protocols that allow devices to open a port on the router and act like a server, making them highly visible targets for IoT malware," warned the researchers.
Once a hacker logs into the interface, he or she can then carry out a command to force the IP camera to connect to a download site to download and execute malicious shell scripts. After the samples are downloaded, the Persirai malware deletes itself and runs only in memory.
"After receiving commands from the server, the IP camera will then start automatically attacking other IP cameras by exploiting a zero-day vulnerability that was made public a few months ago," Trend Micro notes.
"Attackers exploiting this vulnerability will be able to get the password file from the user, providing them the means to do command injections regardless of password strength."
Trend Micro warns that owners of a Chinese-made wireless camera should be on guard and should make sure that they are not using the default password.
However, the real problem is the maker of these cameras, the security firm adds.
"The burden of IoT security does not rest on the user alone — it's also dependent on the vendors themselves, as they should be the ones responsible for making sure that their devices are secure and always updated," Trend Micro concludes.
Electronics and computer chain the latest high street retailer to fall into difficulties
Incisive Media and Investec Asset Management supported fundraiser crosses Atlantic in 40 days
Alphabet's health sciences division Verily have been messing with AI algorithms
North Korea's cyber attack capabilities are expanding fast - and turning their fire on a wider range of targets