Cross-Platform Infections Are Now Possible With The Latest Mirai Botnet
Recently, cyber security researchers observed a new variant of the Mirai Botnet targeting IoT (Internet of Things) devices. According to security reports, the malware is running its campaign globally and is capable of targeting individual PC users as well as IoT service devices. Because of its effectiveness, it is considered one of the most successful and popular tools for cyber criminals. As published by a cyber security researcher, creating the latest variant of the Mirai malware is a profitable business for hackers because many different kinds of IoT devices have vulnerabilities that make them easy targets in such attacks.
The Updated Mirai Can Run On Different Architectures
In Japanese, Mirai means “master”, and the name suits this malware because, unlike other threats, it is not compatible with only one specific architecture or platform. The malware is capable of running on different platforms, which shows how experienced its authors are. Because of its portability, it allows many hacker groups as well as individual cyber criminals to customize their attacks. The infection samples reveal that this botnet resides in the memory of the infected device, which makes it difficult to scan for and remove. Devices like CCTV cameras, routers, smart TVs, video cameras, printers and other Internet-connected devices are at risk of attack.
Before it attacks a targeted IoT device, it scans that device, and it mostly attacks devices whose security is weak. Below are some malicious activities that the updated Mirai Botnet is capable of executing:
- Attack IoT devices that have a default password or username
- Utilize the infected device for launching DDoS attacks
- Connect to a remote server to get commands and execute them
- Use the compromised devices to create a botnet, etc.
Mirai Malware Fires Shell Scripts On Vulnerable IoT Device
Like other Mirai infections, this updated variant also deploys shell scripts on its targeted devices. The shell script downloads and executes specific executables sequentially. The files that execute successfully are responsible for the Mirai attack. It enumerates a list of random IP addresses and scans them for vulnerable and weakly secured IoT devices. This Mirai variant was created by taking advantage of Aboriginal Linux, an open source project, which makes the cross-platform infections possible as well as effective.
The upgraded Mirai Botnet uses a C&C tool that gives it the ability to attack across platforms, including seven different kinds of system architecture, both 32-bit and 64-bit. The following symptoms can be observed on a compromised device:
- Unwanted traffic on ports such as 23/TCP and 2323/TCP
- C&C network traffic can be observed on port 48101/TCP
- A large amount of outbound traffic if the device is used in a DDoS attack.
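The three symptoms above can be checked against network flow logs. The following Python code is an added example, not part of the original article; the log format, the local subnet and the outbound byte threshold are assumptions, and the sample records are constructed.

```python
import ipaddress
from collections import defaultdict

TELNET_PORTS = {23, 2323}                            # ports from the symptom list
C2_PORT = 48101                                      # C&C port from the symptom list
LOCAL_NET = ipaddress.ip_network("192.168.1.0/24")   # assumed IoT segment
OUTBOUND_LIMIT = 50_000_000                          # assumed bytes per log window

# Constructed flow records, one per line: src dst proto dport bytes
SAMPLE_FLOWS = """\
192.168.1.20 198.51.100.7 tcp 23 420
192.168.1.20 198.51.100.9 tcp 2323 380
192.168.1.20 203.0.113.50 tcp 48101 1200
192.168.1.20 203.0.113.99 udp 53 75000000
192.168.1.31 203.0.113.10 tcp 443 52000
198.51.100.44 192.168.1.40 tcp 23 300
"""

def parse_flows(text):
    """Yield (src, dst, proto, dport, bytes); malformed lines raise ValueError."""
    for line in text.splitlines():
        if not line.strip():
            continue
        src, dst, proto, dport, nbytes = line.split()
        yield src, dst, proto.lower(), int(dport), int(nbytes)

def find_symptoms(text):
    """Map each local device to the sorted list of symptoms seen in its flows."""
    findings, outbound = defaultdict(set), defaultdict(int)
    for src, dst, proto, dport, nbytes in parse_flows(text):
        src_local = ipaddress.ip_address(src) in LOCAL_NET
        dst_local = ipaddress.ip_address(dst) in LOCAL_NET
        if not (src_local or dst_local):
            continue
        device = src if src_local else dst
        if proto == "tcp" and dport in TELNET_PORTS:
            # Outbound Telnet suggests the device is scanning others;
            # inbound Telnet means the device is being probed.
            findings[device].add("telnet-outbound" if src_local else "telnet-inbound")
        if proto == "tcp" and dport == C2_PORT:
            findings[device].add("port-48101")
        if src_local and not dst_local:
            outbound[device] += nbytes       # total bytes leaving the segment
    for device, total in outbound.items():
        if total > OUTBOUND_LIMIT:
            findings[device].add("high-outbound-volume")
    return {device: sorted(hits) for device, hits in findings.items()}

if __name__ == "__main__":
    for device, hits in find_symptoms(SAMPLE_FLOWS).items():
        print(device, hits)
```

A device showing all three findings together is a stronger signal than any one alone, since Telnet traffic or high volume can each have benign causes.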
Preventive Measures To Protect Device From Mirai Attack
If users follow the tips below, they can protect their IoT devices from being infected by the Mirai Botnet and similar malware:
- Use strong and unique passwords for Wi-Fi networks and device accounts.
- Disable all features and services that are not necessary.
- If possible, use a wired connection instead of a wireless connection.
- Follow the manufacturer's website for your device for firmware updates.
- Modify the security settings of IoT devices according to your security policy.