ZHtrap Botnet

Posted: March 15, 2021

Years after the Mirai Botnet made news headlines because of its massive reach and ability to execute devastating distributed-denial-of-service attacks, cybercriminals continue to use portions of Mirai's source code in their custom-built botnets. One of the latest projects to make use of Mirai is called the ZHtrap Botnet. It appears to go after a wide range of devices, including routers and DVRs. So far, cybersecurity experts have recovered ZHtrap Botnet payloads compatible with CPU, MIPS, ARM, and x86 architectures – a sure sign that this botnet has a significant reach.

The modus operandi of the ZHtrap Botnet is very interesting as well because it does not simply harvest the resources of infected devices. It also uses them as honeypots to 'hunt' for other vulnerable devices exposed to the Internet. In addition, it employs a trick that some other malware families use: it tries to protect the infected devices from other malware. It achieves this by blocking the execution of new commands and allowing only reputable system processes to be launched.

The primary purpose of the ZHtrap Botnet is to execute distributed-denial-of-service attacks but, thankfully, so far the botnet has not reached a large enough size to be able to cause problems for major services and websites.

So far, no DDoS attacks have been executed with the use of the ZHtrap Botnet, but it is probably a matter of time before this happens. Users should protect their network-enabled devices by applying the latest firmware updates, as well as by ensuring that they are using strong login credentials. Currently, the ZHtrap Botnet is targeting well-known vulnerabilities in a large number of CCTV-DVR devices, Netgear DGN1000 routers, MVPower DVR devices, and more.
