Juniper Networks has issued a warning about a vulnerability in its Session Smart Routers, emphasizing the risk of Mirai malware infection if factory-set passwords are not changed.
Starting December 11, the company began receiving reports from customers about "suspicious behavior" on their devices. Upon investigation, Juniper identified a common factor: users had not updated the default login credentials.
A specific variant of the Mirai malware has been scanning for these routers, exploiting the unchanged passwords to infiltrate systems. Once infected, the devices were reportedly "subsequently used as a DDoS attack source" to bombard websites with excessive traffic. However, Juniper did not disclose the number of devices affected or the locations of the attacks.
According to Juniper, Mirai is capable of executing "a wide range of malicious activities" beyond DDoS attacks. Past cases have revealed its involvement in spreading cryptominers and enabling "click fraud" schemes that manipulate online advertising metrics.
To safeguard their devices, Juniper advises Session Smart Router users to implement strong, unique passwords immediately and to stay vigilant for unusual network activity. Signs to monitor include unexpected port scans, increased login attempts, and surges in outbound traffic.
"If a system is found to be infected, the only certain way of stopping the threat is by reimaging the system as it cannot be determined exactly what might have been changed or obtained from the device," the advisory states.
Juniper also notes that Mirai commonly targets connected devices like routers and cameras, often exploiting software vulnerabilities to spread. Using default credentials further simplifies the intrusion process, making it crucial to update them