Experts at 360Netlab observed the Fbot bot infecting a large number of HiSilicon DVR/NVR Soc devices. Experts only observed a few different camera brands as a number of camera manufacturers. The root problem might be a specific OEM application running on top of the devices. The attackers exploited the weak security implementation of the DVRIP protocol made by the vendor. Fbot implements a multiple stage infection process, experts were able to analyze Fbot samples and some payloads, but they annunced the capture of key Exploit Payload only while I was writing this post.”]
Source: https://securityaffairs.co/wordpress/81567/malware/fbot-malware-hisilicon.html