June 9, 2025 By Pierluigi Paganini
A new variant of the Mirai botnet exploits CVE-2024-3721 to target DVR systems, using a new infection method.
Researchers from Russian cybersecurity firm Kaspersky discovered a new variant of the Mirai botnet that exploits a command injection vulnerability (CVE-2024-3721) in TBK DVR-4104 and DVR-4216 digital video recording devices.
During a review of the logs in their Linux honeypot system, the researchers noticed a suspect POST request linked to the potential exploitation of CVE-2024-3721.
“The request contains a malicious command that is a single-line shell script which downloads and executes an ARM32 binary on the compromised machine.” reads the analysis.
“Typically, bot infections involve shell scripts that initially survey the target machine to determine its architecture and select the corresponding binary. However, in this case, since the attack is specifically targeted at devices that only support ARM32 binaries, the reconnaissance stage is unnecessary.”