An advisory has been issued by the Indian Computer Emergency Response Team (CERT-In). It is regarding Mozi, a new malware threatening IoT devices globally. Of the many, a few popular routers affected by Mozi include Huawei, D-Link, Netgear, etc. 

As important as the internet is today for everyone, it is also important to ensure your safety in the virtual world. Taking all necessary precautions to be cyber-safe, what will you do if your router is the one putting your safety at risk. 

That’s right.

If you have an old WiFi router at your place, then its high time that you get a new one or at least give its firmware an update. There’s a malware threatening its safety.

What puts your router at risk?

So, what you need to be worrying about is the Mozi malware. It attacks vulnerable IoT devices like home router & DVRs. What this essentially means is that these devices must be either loosely configured, unpatched or have weak/ default credentials. 

Mozi contains Gafgyt, Mirai and IoT reaper source code, all of which are known as dangerous malware that targets IoT devices. As per the CERT-In advisory, all devices infected by Mozi form a Peer-to-peer botnet (P2P) and utilize a distributed hash table (DHT) in order to communicate with other infected host systems. Thus, Mozi can potentially compromise embedded Linux devices having exposed telnet. 

Also read,

Devices at risk due to Mozi

Though a number of old routers & other IoT devices are at risk of Mozi, the ones at a higher risk as mentioned in the advisory include – 

  • Eir ID 1000 Router
  • Vacron NVR devices
  • Realtek SDK using devices
  • Netgear R7000
  • Netgreal R6400
  • DGN1000 Netgear routers
  • MVPower DVR
  • Huawei Router HG532
  • D-Link devices
  • GPON routers and more. 

How can you ensure your safety?

Since the malware targets a number of IoT devices at once, CERT-In has advised users to keep an eye on any upcoming updates from the OEM of their devices. Whenever the OEM releases an update with the patch for the vulnerability, the users must upgrade at the earliest. In case the device has been infected by the malware, it is suggested that you reset its firmware or restore it from a trustworthy backup.

The CERT-In advisory asks the user to monitor or block UDP traffic from the device to Bit Torrent DHT bootstrap nodes. After this, block outgoing TCP traffic with following destination ports, if not in use – 22, 23, 2323, 80, 81, 5555, 7574, 8080, 8443, 37215, 49152, and 52869.

As technology advance, cyber threats are evolving too. It is important to keep an eye out for updates & patches to ensure your security on the internet. We urge all users to ensure updating their firmware for IoT devices to make sure you don’t fall prey to Mozi.