New Mirai Variant Targets More Processor Architectures

A recently discovered variant of the Mirai malware is targeting more processor architectures than before, which allows it to attack a wider range of Internet of Things (IoT) devices, Palo Alto Networks security researchers reveal.

Targeting IoT devices in an attempt to ensnare them into a botnet capable of launching distributed denial of service (DDoS) attacks, the malware has been around since late 2016, with numerous variants observed since (such as Wicked, Satori, Okiru, Masuta, and others).

Mirai’s source code was publicly released in October 2016, and various threat actors built their own iterations of the malware in order to target additional device types. A version that emerged earlier this year aims at devices specifically intended for businesses.

The newly observed Mirai samples, Palo Alto Networks reports, are compiled to run on Altera Nios II, OpenRISC, Tensilica Xtensa, and Xilinx MicroBlaze processors, which shows that the threat’s developers continue to innovate.

“If the latest innovations lead to an increase in the number of infected devices, that means that Mirai attackers would have access to additional firepower for use in denial of service attacks,” Palo Alto Networks points out.

The new samples employ a modified version of the byte-wise XOR used in the original Mirai source code, and also include a new DDoS attack option that features the same parameters as the attack method “TCP SYN” in the original Mirai source.
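An added illustration for analysts, not code from Palo Alto Networks or from the samples: the public Mirai source (`table.c`) XORs every byte of each config string with the four bytes of `table_key` (0xDEADBEEF) in turn, which is the same as a single XOR with one byte. The sketch generalizes this to any variant that still XORs with fixed key bytes and recovers the effective key with a 256-value sweep and a known-plaintext crib. `CONSTRUCTED_KEYS`, the sample string, and all function names are assumptions made up for this example.

```python
from functools import reduce

# table_key from the public Mirai source (table.c)
ORIGINAL_TABLE_KEY = (0xDEADBEEF).to_bytes(4, "big")

# Hypothetical multi-key layout, constructed for this example only
# (not taken from the samples the article describes).
CONSTRUCTED_KEYS = [bytes.fromhex("0102030405060708"),
                    bytes.fromhex("1122334455667788")]

def xor_as_written(data, key_bytes):
    """XOR every data byte with each key byte in turn, as the bot's loop does."""
    out = bytearray(data)
    for i in range(len(out)):
        for k in key_bytes:
            out[i] ^= k
    return bytes(out)

def effective_key(key_bytes):
    """Fold the key bytes together: the whole scheme equals one single-byte XOR."""
    return reduce(lambda a, b: a ^ b, key_bytes, 0)

def recover_key(blob, crib):
    """Try all 256 single-byte keys; keep those whose output contains the crib."""
    hits = []
    for k in range(256):
        plain = bytes(b ^ k for b in blob)
        if crib in plain:
            hits.append((k, plain))
    return hits

def demo():
    # Constructed sample: a string of the kind a bot keeps in its config table.
    plaintext = b"/proc/net/tcp\x00"
    blob = xor_as_written(plaintext, b"".join(CONSTRUCTED_KEYS))
    return recover_key(blob, b"/proc/")

if __name__ == "__main__":
    print(hex(effective_key(ORIGINAL_TABLE_KEY)))
    for key, plain in demo():
        print(hex(key), plain)
```

A changed key alters the obfuscated bytes, so string signatures built on the original key's output will miss such a variant, while the sweep above still decodes it.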

“We found these latest samples on a single IP that at one point of time was hosting them via an open directory; however, on February 22, 2019, the server was later updated to hide the file listing but continued to host the files themselves,” the researchers reveal.

Previously, the IP was hosting Mirai samples containing a large list of exploits known to be used in earlier versions of the malware, and the presence of these exploits in the newly observed samples suggests that both are used by the same attacker.

The exploits targeted a ThinkPHP remote code execution vulnerability, a D-Link DSL2750B OS command injection flaw, a remote code execution bug in Netgear devices, a Realtek SDK flaw tracked as CVE-2014-8361, and a Huawei router vulnerability identified as CVE-2017-17215.

With the Mirai source code available in the open, threat actors will likely continue to compile it to target new device types, including by broadening the list of processors the malware can run on.

This will expand the attack surface, allowing cybercriminals to infect and propagate via a larger number of embedded devices, thus gaining more DDoS firepower, the researchers conclude.

Written By

Ionut Arghire is an international correspondent for SecurityWeek.
