Crooks expand the original Mirai botnet code base with new capabilities and improvements

Cybercriminals continue to improve the infamous Mirai botnet by adding new exploits and functionalities, experts warn new dangerous variant will appear in the wild.

According to Netscout’s Arbor Security Engineering and Response Team (ASERT), cybercriminals continue to improve the dreaded Mirai IoT botnet by adding new exploits and functionalities.

The time to market of new Mirai botnet versions is drastically reducing, in a few months experts spotted at least four Mirai variants in the wild, Satori, JenX, OMG and Wicked.

Vxers are used the leaked Mirai source code to create their own version, this trend is scaring security experts.

“Using Mirai as a framework, botnet authors can quickly add in new exploits and functionally, thus dramatically decreasing the development time for botnets. The Mirai source is not limited to only DDoS attacks. A variant of Satori was discovered which attacks Ethereum mining clients.” states the report published by Netscout.

Below the key findings for the new Mirai Variants

• Satori uses a remote code injection exploits to implement scanning feature.
• The JenX bot evolved from Mirai to include similar coding, but authors removed scanning and exploitation capabilities.
• The OMG bot adds HTTP and SOCKS proxy capabilities.
• The Wicked Mirai exploits RCE flaws to infect Netgear routers and CCTV-DVR devices. When vulnerable devices are found, a copy of the Owari bot is downloaded and executed.

Cyber criminals will continue to use the Mirai variants to build large botnets, for this reason, it experts recommend organizations to apply proper patching, updates, and DDoS mitigation strategies to protect their infrastructure.

“As seen with the four samples covered above, botnet authors are already using the Mirai source code as their building blocks. As the explosion of IoT devices does not look to be slowing down, we believe we’ll continue to see increases in IoT botnets.” concluded the report.

“We are likely to see remnants of Mirai live on in these new botnets as well.”

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(Security Affairs – Mirai botnet, hacking)

[adrotate banner=”5″]

[adrotate banner=”13″]