Two new Mirai botnet variants, "tuxnokill" and "Nexcorium," are actively exploiting CVE-2025-29635 (CVSS 8.8 HIGH) to infect routers and DVRs. The tuxnokill variant spreads via this vulnerability, which specifically affects D-Link DIR-823X firmware versions 240126 and 240802. The article provides limited technical details on mitigation, focusing instead on the campaigns' discovery and the unusual "AI.NEEDS.TO.DIE" message in the malware's code.
Hidden inside newly discovered botnet malware is an unusual message from its creator: “AI.NEEDS.TO.DIE”. Dubbed “tuxnokill” by researchers at Akamai, the malware is one of two fresh Mirai botnet variants documented this month by major cybersecurity firms and, judging by the aforementioned hard-coded string, this particular variant might have been coded the old-fashioned way. “Tuxnokill” and “Nexcorium” Based on hits on the company’s global network of honeypots, Akamai found that tuxnokill is spreading through CVE-2025-29635, … More → The post New Mirai variants target routers and DVRs in parallel campaigns appeared first on Help Net Security .