Security experts have discovered a new hacking tool dubbed NEW IPCAM EXPLOIT containing a backdoor that is offered on several underground hacking forums.
Now, the security researcher Ankit Anubhav has discovered a new tool containing a backdoor that is offered on several underground hacking forums. The hacking tool is a free PHP script that allows users to scan the Internet for vulnerable IP Cameras running a vulnerable version of GoAhead embedded web-server.
“The market is particularly hot for IoT devices using a vulnerable version of an embedded GoAhead server. This arises due to the fact that there are a large number of IP camera vendors that can be hacked using exploits like CVE-2017–8225, and it is already employed successfully by the IoTroop/Reaper botnet.” wrote the researcher in a blog post.
“On 22nd October 2017, we observed a shady yet popular site that often hosts IoT botnet scripts had a new piece of code to offer. Labeled as “NEW IPCAM EXPLOIT”, this script promised to make the work of script kiddies easy by helping them locate IoT devices that use the potentially vulnerable embedded GoAhead server.”
The NEW IPCAM EXPLOIT IoT scanning script works in four steps:
- The script scans a set of IP addresses looking for GoAhead servers vulnerable to the authentication bypass flaw tracked as CVE-2017-8225. The vulnerability affects Wireless IP Camera (P2P) WIFI CAM devices.
- The script establishes a secret backdoor by creating the user account (username: VM | password: Meme123) on the wannabe cybercriminal’s system. The scammer gains the same toot privileges as of the victim.
- The Script determine the IP address of the wannabe hacker in order to access the compromised systems remotely.
- The script runs a second payload on the victim’s system, in some cases, it installs the Kaiten bot.
Experts from Bleeping computers that made further investigations reported that the author of the script already put online backdoored hacking tools.