As previously reported, Hajime uses the same list of user name and password combinations used by Mirai, the IoT botnet that spawned several, record-setting denial-of-service attacks last year. Once Hajime infects an Internet-connected camera, DVR, and other Internet-of-things device, the malware blocks access to four ports known to be the most widely used vectors for infecting IoT devices. It also displays a cryptographically signed message on infected device terminals that describes its creator as "just a white hat, securing some systems..."
A vigilante is putting a huge amount of work into infecting IoT devices | Ars Technica