Hajime is a malware family that targets IoT devices and operates as a decentralized peer-to-peer (P2P) botnet. Unlike most IoT botnets, it appears to harden the devices it infects so that other malware cannot compromise them. Despite its wide spread, its purpose remains unknown.
Hajime scans the internet for devices that expose a Telnet service and accept default or weak credentials. Once it has a foothold, it joins a P2P network (built on the BitTorrent DHT for peer discovery) for command and control, so there is no central server to seize; this makes it far more resistant to takedown than botnets that depend on fixed C2 infrastructure.
Capabilities and Behavior
Written in C and compiled for several embedded architectures, Hajime is modular and can receive updated modules and new features over its P2P network. It carries no attack payload such as DDoS. Instead it propagates itself and locks down the devices it infects, for example by blocking inbound access to the Telnet port and other services it used to get in, which keeps competing malware from exploiting the same weak credentials.
Current Status and Impact
As of April 2017 (Kaspersky Lab estimate), Hajime had infected nearly 300,000 devices worldwide, with most infections in Iran, Brazil and Vietnam. The author is unknown and no malicious activity has been attributed to the botnet, so its purpose remains a mystery.
No distinct variants or forks of Hajime have been reported. Changes to the malware have arrived as updates pushed to the existing botnet rather than as separate offshoots.
Mitigation
Change default credentials on every IoT device and use a unique, strong password per device; disable Telnet where it is not required.
Update device firmware regularly to patch known vulnerabilities.
Segment the network so IoT devices are isolated from critical systems and cannot reach the internet or each other on Telnet.
Monitor for unusual network traffic, in particular IoT devices opening Telnet connections to many hosts or exchanging UDP traffic with large numbers of external peers.
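The last point is easier to act on with something concrete. The following Python script is an added example, not code from this page or from any published Hajime analysis. It reads constructed connection records in an assumed whitespace-separated layout (timestamp, source, destination, destination port, protocol; not a real Zeek or NetFlow export) and flags two behaviours an infected device shows: outbound Telnet (23/2323) connection attempts to many distinct hosts in a short window (propagation scanning), and UDP fan-out to many distinct peers on high ports (BitTorrent-DHT-style peer discovery used for P2P command and control). The thresholds and window are assumptions to be tuned against the baseline of your IoT segment.

```python
"""Flag Hajime-like behaviour in connection records: outbound Telnet scanning
and high-port UDP peer fan-out (DHT-style P2P C2) from IoT hosts.
Added example with constructed data; record layout and thresholds are assumptions."""
from collections import defaultdict
from dataclasses import dataclass

TELNET_PORTS = {23, 2323}   # Telnet and its common alternate port
SCAN_THRESHOLD = 5          # distinct Telnet targets per source within the window
FANOUT_THRESHOLD = 10       # distinct UDP peers on ports >= 1024 per source within the window
WINDOW_SECONDS = 60         # sliding window length

# Constructed sample, not real traffic. Fields: ts src dst dport proto
SAMPLE_LOG = """\
# ts src dst dport proto
1700000000.0 10.0.3.20 203.0.113.5 23 tcp
1700000001.0 10.0.3.20 203.0.113.9 23 tcp
1700000002.0 10.0.3.20 198.51.100.7 23 tcp
1700000003.0 10.0.3.20 198.51.100.8 2323 tcp
1700000004.0 10.0.3.20 192.0.2.14 23 tcp
1700000005.0 10.0.3.20 192.0.2.77 23 tcp
1700000010.0 10.0.3.20 203.0.113.41 6881 udp
1700000011.0 10.0.3.20 198.51.100.23 51413 udp
1700000012.0 10.0.3.20 192.0.2.88 6889 udp
1700000013.0 10.0.3.20 203.0.113.112 25001 udp
1700000014.0 10.0.3.20 198.51.100.150 6881 udp
1700000015.0 10.0.3.20 192.0.2.19 40211 udp
1700000016.0 10.0.3.20 203.0.113.200 6881 udp
1700000017.0 10.0.3.20 198.51.100.61 33445 udp
1700000018.0 10.0.3.20 192.0.2.240 6882 udp
1700000019.0 10.0.3.20 203.0.113.73 51413 udp
1700000020.0 10.0.3.20 198.51.100.99 6881 udp
1700000021.0 10.0.3.20 192.0.2.101 27015 udp
1700000030.0 10.0.3.21 10.0.0.1 23 tcp
1700000031.0 10.0.3.21 10.0.0.53 53 udp
1700000032.0 10.0.3.22 10.0.0.123 123 udp
1700000033.0 10.0.3.22 203.0.113.210 443 tcp
"""


@dataclass(frozen=True)
class Conn:
    ts: float
    src: str
    dst: str
    dport: int
    proto: str


def parse_line(line: str) -> Conn:
    """Parse one record: ts src dst dport proto (assumed layout)."""
    ts, src, dst, dport, proto = line.split()
    return Conn(float(ts), src, dst, int(dport), proto.lower())


def max_distinct_in_window(events, window):
    """Sliding window over time-sorted (ts, dst) pairs: the largest number of
    distinct destinations seen within any `window` seconds."""
    counts, lo, best = {}, 0, 0
    for ts, dst in events:
        counts[dst] = counts.get(dst, 0) + 1
        while events[lo][0] < ts - window:       # expire events older than the window
            old = events[lo][1]
            counts[old] -= 1
            if counts[old] == 0:
                del counts[old]
            lo += 1
        best = max(best, len(counts))
    return best


def detect(lines, window=WINDOW_SECONDS, scan_threshold=SCAN_THRESHOLD,
           fanout_threshold=FANOUT_THRESHOLD):
    """Return {source_ip: set(alert_names)} for sources showing scanning or fan-out."""
    conns = sorted((parse_line(l) for l in lines if l.strip() and not l.startswith("#")),
                   key=lambda c: c.ts)
    telnet, udp = defaultdict(list), defaultdict(list)
    for c in conns:
        if c.proto == "tcp" and c.dport in TELNET_PORTS:
            telnet[c.src].append((c.ts, c.dst))
        elif c.proto == "udp" and c.dport >= 1024:   # skip DNS/NTP and other low-port UDP
            udp[c.src].append((c.ts, c.dst))
    alerts = defaultdict(set)
    for src, events in telnet.items():
        if max_distinct_in_window(events, window) >= scan_threshold:
            alerts[src].add("telnet_scan")
    for src, events in udp.items():
        if max_distinct_in_window(events, window) >= fanout_threshold:
            alerts[src].add("udp_peer_fanout")
    return dict(alerts)


if __name__ == "__main__":
    for src, names in detect(SAMPLE_LOG.splitlines()).items():
        print(src, sorted(names))
```

On the sample data only 10.0.3.20 is flagged, for both behaviours; the single Telnet session from 10.0.3.21 and the DNS/NTP traffic from the other hosts stay below the thresholds. The UDP fan-out rule also matches legitimate BitTorrent, VoIP and some gaming traffic, so apply it to segments where IoT devices have no reason to talk peer-to-peer. The Telnet rule is the stronger signal on its own: an embedded device has no legitimate reason to open Telnet sessions to dozens of hosts in a minute.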
Affected Sectors
Hajime targets IoT devices, which are deployed across industries such as manufacturing, logistics and smart home. Any organization running IoT devices with default or weak credentials and an exposed Telnet service is at risk.
Attribution
The author of Hajime is unknown. Because the malware hardens the devices it infects and displays a message describing itself as "just a white hat, securing some systems", some researchers believe it is the work of a vigilante trying to protect IoT devices from other malware, but this remains unconfirmed.

