The infamous Hide ‘N Seek botnet is now targeting vulnerabilities in home automation solutions, network security firm Fortinet says.
First observed in January this year, the botnet originally targeted home routers and IP cameras, and had a decentralized, peer-to-peer architecture. By May, the malware had infected over 90,000 unique devices and was targeting far more device types and architectures.
Earlier this month, Qihoo 360’s NetLab researchers revealed that the malware also included exploits for AVTECH webcams and Cisco Linksys routers, along with support for OrientDB and CouchDB database servers.
Fortinet new reports that the latest version of the malware has a configuration made up of 110 entries and 9 exploits. More importantly, Fortinet’s security researchers reveal, Hide ‘N Seek has added an exploit for a HomeMatic Zentrale CCU2 remote code execution vulnerability.
The malware implemented the exploit less than a week after it became public, and the same happened with the exploit for the Apache CouchDB remote code execution flaw, Fortinet reveals. The malware also targets a remote code execution in the Belkin NetCam devices.
HomeMatic is a provider of Smart Home devices from the German manufacturer eQ-3. The botnet is targeting the system’s central element, which provides control, monitoring, and configuration options for all HomeMatic devices. This may be the moment when malware starts hacking your house.
“[Hide ‘N Seek] has been aggressively adding exploits and targeting more platforms and devices to increase its propagation scope. Utilizing freshly released PoC exploits to its arsenal increases the chance for it to be the first to infect these vulnerable devices,” Fortinet notes.
The security researchers also say they expect the threat to add more functions in future iterations, as well as to expand usage of publicly available exploits.
Related: Hide ‘N Seek IoT Botnet Can Infect Database Servers
Related: Hide ‘N Seek IoT Botnet Can Survive Device Reboots

More from Ionut Arghire
- Organizations Worldwide Targeted in Rapidly Evolving Buhti Ransomware Operation
- Google Cloud Users Can Now Automate TLS Certificate Lifecycle
- NCC Group Releases Open Source Tools for Developers, Pentesters
- Memcyco Raises $10 Million in Seed Funding to Prevent Website Impersonation
- Apria Healthcare Notifying 2 Million People of Years-Old Data Breaches
- European Cybersecurity Firm Sekoia.io Raises $37.5 Million
- GitLab Security Update Patches Critical Vulnerability
- Android App With 50,000 Downloads in Google Play Turned Into Spyware via Update
Latest News
- Industrial Giant ABB Confirms Ransomware Attack, Data Theft
- Organizations Worldwide Targeted in Rapidly Evolving Buhti Ransomware Operation
- Google Cloud Users Can Now Automate TLS Certificate Lifecycle
- Zyxel Firewalls Hacked by Mirai Botnet
- Watch Now: Threat Detection and Incident Response Virtual Summit
- NCC Group Releases Open Source Tools for Developers, Pentesters
- Memcyco Raises $10 Million in Seed Funding to Prevent Website Impersonation
- New Russia-Linked CosmicEnergy ICS Malware Could Disrupt Electric Grids
