For almost eight years, a hacker has silently hijacked D-Link NVRs (network video recorders) and NAS (network-attached storage) devices into a botnet that had the sole purpose of connecting to online websites and download anime videos.
Named Cereals and first spotted in 2012, the botnet reached its peak in 2015 when it amassed more than 10,000 bots.
However, despite its size, the botnet operated without detection from most cyber-security firms. Currently, Cereals is slowly disappearing, as the vulnerable D-Link devices on which it fed all these years have started aging and are being decommissioned by their owners. Further, the botnet’s decline was also accelerated when a ransomware strain named Cr1ptT0r wiped the Cereals malware from many D-Link systems in the winter of 2019.