Hajime (malware)

Hajime (Japanese for "beginning") is a malware which appears to be similar to the Wifatch malware in that it appears to attempt to secure devices.^[5] Hajime is also far more advanced than Mirai, according to various researchers.^[6]

Hajime^[1]

Written in	C[2]
Operating system	Linux[3]
Type	Botnet[4]

The top countries infected by the malware were Iran, Brazil, Vietnam, Russia and Turkey, followed by India, Pakistan, Italy and Taiwan.^[7]

Malware

Hajime is a worm according to sources which have placed research on the subject.^[8] It appears to have been discovered as early as October 2016.^[9]

Later in April 2017, Hajime generated large media coverage as it appeared to be in competition with Mirai.^[10] This led to a number of reports which compared and noted that it appeared to have a similar purpose to Linux.Wifatch.^[11] It also did not contain any modules or tools for denial of service attacks, but instead only contained methods for extending its reach.^[12]

Hand written assembly code specifically for several platforms was also discovered by researchers as well.^[13]

Hajime is similar to Mirai in its method of how it manages to compromise systems.^[14] One of the key differences with Mirai is that it uses a peer-to-peer network for communications.^[15][16]

What was also noted was the message the malware left on systems it compromised.^[17] The message left on systems compromised by Hajime displayed on terminals is shown below.^[18]

Just a white hat, securing some systems.

Important messages will be signed like this!

Hajime Author.

Contact CLOSED Stay sharp!

^[19]

See also

• BASHLITE – another notable IoT malware
• Denial-of-service attack
• Linux malware
• Linux.Darlloz – another notable IoT malware
• Remaiten - another IoT DDoS bot