300,000 obeying devices: Hajime is conquering the Internet of Things world

Kaspersky Lab has published the results of its investigation into the activity of Hajime - a mysterious evolving Internet of Things (IoT) malware that builds a huge peer-to-peer botnet.

The botnet has recently been propagating extensively, infecting multiple devices worldwide. To date, the network includes almost 300,000 malware-compromised devices, ready to work together, to perform the malware author's instructions without their victims' knowledge. Still, Hajime's real purpose remains unknown.

Hajime, meaning 'beginning' in Japanese, showed its first signs of activity in October 2016. Since then, it has been evolving, developing new propagation techniques. The malware is building a huge peer-to-peer botnet - a decentralized group of compromised machines discreetly performing spam or DDoS attacks.

However, there is no attacking code or capability in Hajime - only a propagation module. Hajime, an advanced and stealthy family, uses different techniques - mainly brute-force attacks on device passwords - to infect devices, and then takes a number of steps to conceal itself from the compromised victim. Thus, the device becomes part of the botnet.

Hajime does not exclusively attack a specific type of device, but rather any device on the Internet. Nevertheless, malware authors are focusing their activities on some devices. Most of the targets have turned out to be Digital Video Recorders, followed by web-cameras and routers.

According to Kaspersky Lab researcher show ever, Hajime avoids several networks, including those of General Electric, Hewlett-Packard, the US Postal Service, the United States Department of Defense, and a number of private networks.

Infections had primarily come from Vietnam (over 20 percent), Taiwan (almost 13 percent) and Brazil (around nine percent) at the time of research.

"The most intriguing thing about Hajime is its purpose. While the botnet is getting bigger and bigger, its objective remains unknown. We have not seen its traces in any type of attack or additional malicious activity. Nevertheless, we advise owners of IoT devices to change the password of their devices to one that's difficult to brute force, and to update their firmware if possible," said senior security researcher Kaspersky Lab, Konstantin Zykov.