Routers with default passwords are attracting Mirai infections, Juniper says

A specific line of Juniper Networks devices can easily become infected with Mirai malware if users don’t scrap their default passwords, the company says in an advisory.

Beginning December 11, customers started reporting “suspicious behavior” on their Session Smart Routers, Juniper says, and they had one thing in common: They were still using the factory-set passwords on the devices.

A variant of Mirai malware was scanning for such routers and, once infected, the devices were “subsequently used as a DDOS attack source” attempting to disrupt websites with junk traffic, Juniper says. The company does not mention how many devices were infected or where the attacks were directed.

As Juniper notes, Mirai is capable of a “a wide range of malicious activities” in addition to its use in DDoS attacks. Previous reports have noted that the malware has spread cryptominers and allowed “click fraud” to inflate the effectiveness of online ads.

Anyone with Session Smart Routers should immediately give them strong, unique passwords and continue to monitor for suspicious network activity such as unusual port scanning, increased login attempts and spikes in outbound internet traffic, Juniper says.

“If a system is found to be infected, the only certain way of stopping the threat is by reimaging the system as it cannot be determined exactly what might have been changed or obtained from the device,” the advisory says.

Connected devices such as routers and cameras make prime targets for Mirai, which often exploits software bugs to spread. Default login credentials make intrusions much easier.