Hajime (malware)

{{Short description|Computer malware}}

{{Infobox Software

| name = Hajime{{cite web | url=http://www.securityweek.com/mysterious-hajime-botnet-grows-300000-iot-devices-kaspersky | title=Mysterious Hajime Botnet Grows to 300,000 IoT Devices: Kaspersky | publisher=securityweek.com | date=April 26, 2017 | accessdate=14 October 2017 | author=Arghire, Ionut}}

| logo =

| screenshot =

| caption =

| collapsible =

| author =

| developer =

| released =

| latest release version =

| latest release date =

| latest preview version =

| latest preview date =

| programming language = C{{cite web | url=http://news.softpedia.com/news/hajime-iot-worm-considerably-more-sophisticated-than-mirai-509423.shtml | title=Hajime IoT Worm Considerably More Sophisticated than Mirai | publisher=Softpedia | date=October 18, 2016 | accessdate=13 October 2017 | author=Cimpanu, Catalin}}

| operating system = Linux{{cite web | url=https://www.pcworld.com/article/3190182/security/iot-malware-clashes-in-a-botnet-territory-battle.html | title=IoT malware clashes in a botnet territory battle | publisher=PC World | date=April 17, 2017 | accessdate=13 October 2017 | author=Kan, Michael}}

| platform =

| size =

| language =

| status =

| genre = Botnet{{cite web | url=https://www.theregister.co.uk/2017/04/27/hajime_iot_botnet/ | title=Mysterious Hajime botnet has pwned 300,000 IoT devices | publisher=The Register | date=27 April 2017 | accessdate=14 October 2017 | author=Leyden, John}}

| license =

| website =

}}

Hajime (Japanese for "beginning") is malware that resembles the Wifatch malware in that it appears to attempt to secure devices.{{cite web | url=https://community.broadcom.com/symantecenterprise/communities/community-home/librarydocuments/viewdocument?DocumentKey=d7cadaf3-4bd7-440c-a6e7-a2ea386b0670&CommunityKey=1ecf5f55-9545-44d6-b0f4-4e4a7f5f5e68&tab=librarydocuments | title=Hajime worm battles Mirai for control of the Internet of Things | publisher=Symantec | date=18 April 2017 | access-date=13 October 2017 | author=Grange, Waylon}}

Hajime is also far more advanced than Mirai, according to various researchers.{{cite web | url=http://securityaffairs.co/wordpress/58151/malware/hajime-iot-malware.html | title=Symantec is monitoring the Hajime IoT malware, is it the work of vigilante hacker? | publisher=securityaffairs.co | date=April 20, 2017 | accessdate=13 October 2017 | author=Paganini, Pierluigi}}

The top countries infected by the malware were Iran, Brazil, Vietnam, Russia and Turkey, followed by India, Pakistan, Italy and Taiwan.{{cite web |title=300,000 obeying devices: Hajime is conquering the Internet of Things world |url=https://www.kaspersky.com/about/press-releases/2017_300000-obeying-devices-hajime-is-conquering-the-internet-of-things-world |website=kaspersky.com |language=en |date=26 May 2021}}

Malware

Hajime is a worm, according to sources that have researched the subject.{{cite web |url= http://news.softpedia.com/news/iot-malware-hajime-fights-against-mirai-tries-to-secure-devices-515037.shtml |title= IoT Malware Hajime Fights Against Mirai, Tries to Secure Devices |publisher= Softpedia |date= April 21, 2017 |accessdate= 13 October 2017 |author= Vatu, Gabriela}}

It appears to have been discovered as early as October 2016.{{cite web |url= http://news.softpedia.com/news/vigilante-iot-worm-hajime-infects-300-000-devices-515233.shtml |title= Vigilante IoT Worm Hajime Infects 300,000 Devices |publisher= Softpedia |date= April 27, 2017 |accessdate= 13 October 2017 |author= Vatu, Gabriela}}

Later, in April 2017, Hajime attracted extensive media coverage because it appeared to be in competition with Mirai.{{cite web |url= https://threatpost.com/mirai-and-hajime-locked-into-iot-botnet-battle/125112/ |title= Mirai and Hajime Locked Into IoT Botnet Battle |publisher= threatpost |date= April 21, 2017 |accessdate= 13 October 2017 |author= Spring, Tom}}

This led to a number of reports that drew comparisons and noted that Hajime appeared to have a similar purpose to Linux.Wifatch.{{cite web |url= https://www.bleepingcomputer.com/news/security/vigilante-hacker-uses-hajime-malware-to-wrestle-with-mirai-botnets/ |title= Vigilante Hacker Uses Hajime Malware to Wrestle with Mirai Botnets |publisher= Bleeping Computer |date= April 19, 2017 |accessdate= 13 October 2017 |author= Cimpanu, Catalin}}

It did not contain any modules or tools for denial-of-service attacks; it contained only methods for extending its reach.{{cite web |url= https://www.scmagazineuk.com/hajime-malware-now-has-300000-strong-botnet-at-disposal-say-researchers/article/653516/ |title= Hajime malware now has 300,000 strong botnet at disposal say researchers |publisher= scmagazineuk.com |date= April 28, 2017 |accessdate= 13 October 2017 |author= Millman, Rene}}

Researchers also discovered hand-written assembly code specific to several platforms.{{cite web |url= https://security.rapiditynetworks.com/publications/2016-10-16/hajime.pdf |title= Hajime: Analysis of a decentralized internet worm for IoT devices |publisher= rapiditynetworks.com |date= 16 October 2016 |accessdate= 14 October 2017 |author= Edwards, Sam |author2= Profetis, Ioannis |archive-date= 30 December 2016 |archive-url= https://web.archive.org/web/20161230182045/https://security.rapiditynetworks.com/publications/2016-10-16/hajime.pdf |url-status= dead }}

Hajime is similar to Mirai in the method it uses to compromise systems.{{cite web |url= http://www.securityweek.com/white-hat-hacker-created-mysterious-iot-worm-symantec-says |title= White Hat Hacker Created Mysterious IoT Worm, Symantec Says |publisher= securityweek.com |date= April 20, 2017 |accessdate= 14 October 2017 |author= Arghire, Ionut}}

One of the key differences from Mirai is that it uses a peer-to-peer network for communications.{{cite web |url= https://thehackernews.com/2017/04/vigilante-hacker-iot-botnet_26.html |title= Hajime 'Vigilante Botnet' Growing Rapidly; Hijacks 300,000 IoT Devices Worldwide |publisher= thehackernews.com |date= April 26, 2017 |accessdate= 14 October 2017 |author= Khandelwal, Swati}}{{cite news |title=Hajime, the mysterious evolving botnet |url=https://securelist.com/hajime-the-mysterious-evolving-botnet/78160/ |work=securelist.com |date=25 April 2017}}

Also noted was the message the malware left on systems it compromised.{{cite web |url= https://security.radware.com/ddos-threats-attacks/hajime-iot-botnet/ | title=Hajime Botnet – Friend or Foe? |publisher= radware.com |date= 26 April 2017 |accessdate= 14 October 2017}}

The message that Hajime displays on the terminals of systems it has compromised is shown below.{{cite web |url= https://thehackernews.com/2017/04/vigilante-hacker-iot-botnet.html |title= To Protect Your Devices, A Hacker Wants to Hack You Before Someone Else Does |publisher= thehackernews.com |date= April 19, 2017 |accessdate= 14 October 2017 |author= Khandelwal, Swati}}

{| cellpadding="1" cellspacing="10" style="text-align:left; margin:10px; border:2px solid; background:#CCCCBB;"
|-
| Just a white hat, securing some systems.<br />
Important messages will be signed like this!<br />
Hajime Author.<br />
Contact CLOSED Stay sharp!
|}
{{cite web |url= http://securityaffairs.co/wordpress/58415/malware/hajime-botnet.html |title= The Hajime Botnet continues to grow and implements a new attack technique |publisher= securityaffairs.co |date= April 27, 2017 |accessdate= 14 October 2017 |author= Paganini, Pierluigi}}

References

{{reflist|35em}}

{{IoT Malware}}

{{Hacking in the 2010s}}

Category:Botnets

Category:IoT malware

Category:Linux malware

Category:Cybercrime in India