The past few days have revealed new data that suggests the recent upsurge in malware targeting routers—as Ars has chronicled here, here, and here—is not only continuing, but it's spreading to digital video recorders (DVRs).
Exhibit A came Monday from researchers at security training institute Sans, which unearthed a Bitcoin-mining trojan that has infected DVRs. The researchers found the infection while researching the source of an automated script they observed scanning the Internet for data storage devices made by Synology. The researchers eventually found that the bot ran on a DVR with an ARM processor but didn't know much else. They later determined it was part of a Bitcoin miner that took control of DVRs used to record video from security cameras, most likely by exploiting an exposed telnet port and a default root password of "12345." Samples of the malware are here. The password to access the binaries is "infected."
On Tuesday, Sans researchers uncovered evidence that the binaries can also infect routers, even when they're configured to provide network address translation (NAT), which can help lock down the security of devices on a network.