The Mirai Botnet changed the botnet landscape, and, sadly, its legacy is likely to live on forever. More and more people have Internet-connected devices of all kinds in their homes – smart TVs, AC units, smart refrigerators, etc. While this new technology is magnificent, it is also a goldmine for cybercriminals, especially because of the relatively lax security policies that this hardware has. Often, their owners do not take their network security seriously, and they end up using outdated firmware, vulnerable software, or even the default login credentials – huge security flaws.
Mukashi is one of the most recent projects that was created by using the open-source code of the Mirai Botnet. Unlike Mirai, Mukashi targets a very limited pool of devices. In fact, it just goes after one hardware type – network-attached storage (NAS) devices produced by Zyxel. To infect these devices, the Mukashi Botnet uses the CVE-2020-9054 vulnerability that affected over 100 million devices when it was first described – of course, Zyxel released a security update that fixed the issue, but there are still tens of thousands of vulnerable Zyxel-made NAS devices. It is important to note that the list of targets of the Mukashi could be expanded by its operators easily, and they may opt to go after other Internet-enabled hardware. If a botnet is not looking to exploit a specific vulnerability, it usually uses a brute-force attack to guess the administrator account's login credentials.
Just like Mirai, the primary purpose of the Mukashi Botnet is to execute Distributed-Denial-of-Service (DDoS) attacks – it can execute these attacks by abusing the TCP or UDP protocols
Preventing the Mukashi Botnet from affecting your network can be done by ensuring that your Zyxel-made hardware uses the latest firmware, as well as all of your Internet-enabled devices are using secure login credentials.