The IT security community is quite active in exposing cyber criminals developing malware to conduct malicious activities. The malware like Mirai and Bashlike aka LizKebab are already busy infecting millions of Internet of Things (IoT) devices and conducting DDoS attacks worldwide.

Now, security firm Trend Micro discovered that an IoT malware, called Persirai is infecting a number of surveillance cameras manufactured by a Chinese firm whose name has not yet been revealed.

How does Persirai work?

The malware infects the devices by exploiting a vulnerability that is present in these cameras. The flaw lets an attacker use the vulnerability to gain remote access to the wireless cameras and virtually take control of the devices.

Also, the malware works by infecting a number of cameras at once so as to form a botnet and then launches a Distributed Denial of Service (DDoS) attack which leads to a complete shutdown of the website that has been attacked as such. Up till now, reports have shown that around 1200 cameras have been found to contain the flaw and there are possibly 120,000 cameras which can be exploited through Persirai.

What exactly is Persirai?

Although there is not much to be known about this IoT malware, security researchers, however, say that the malware seems to have some code which is similar to Mirai – another malware which has been responsible for affecting IoT devices such as CCTV cameras, DVRs, Internet routers, etc.

The number of countries having cameras infected with Persirai malware. Image Source: Shodan / Via: Trend Mirco.

No DDoS attacks have been reported yet

It seems that the Malware has not been used to its full potential since no DDoS attacks have been reported for which Persirai is responsible. One theory for such an odd behavior is that the creators of the Malware might still be testing it.

It is also possible that the creators wanted to reveal the vulnerabilities in the cameras and as such, it was nothing more than an instant of ethical hacking. Nevertheless, given that the vulnerability is already known and can be exploited as long as the cameras are out there, there is no telling as to when or who might exploit the flaw and launch an attack.

The course of action

As of now, the security firm Trend Micro is contacting and trying to collaborate with the vendors of all the infected cameras and is trying to fix the problem. Until the issue is completely fixed, no name will be revealed as to who is the producer of these cameras.

What you can do to protect yourself

Given that there is no information as to which cameras are infected, the best way to protect yourself if you own a camera is to create a firewall and disable any access to the malware’s command and control centers. Also, change the default login credential of your IoT devices right now.


DDoS attacks are increasing, calculate the cost and probability of a DDoS attack on your business with this DDoS Downtime Cost Calculator.

Jahanzaib Hassan