Mirai

Pierluigi Paganini September 19, 2018
Mirai authors avoid the jail by helping US authorities in other investigations

Three men who admitted to being the authors of the Mirai botnet avoided the jail after helping the FBI in other cybercrime investigations. I’m following the evolution of Mirai botnet since MalwareMustDie shared with me the findings of its investigation in August 2016. Now three individuals who admitted to being the authors of the infamous botnet avoided the […]

Pierluigi Paganini September 19, 2018
Evolution of threat landscape for IoT devices – H1 2018

Security experts from Kaspersky have published an interesting report on the new trends in the IoT threat landscape. What is infecting IoT devices and how? The researchers set up a honeypot to collect data on infected IoT devices, the way threat actors infect IoT devices and what families of malware are involved. The first data that emerged […]

Pierluigi Paganini September 10, 2018
Mirai and Gafgyt target Apache Struts and SonicWall to hit enterprises

Security experts with Unit 42 at Palo Alto Networks have discovered new variants of the Mirai and Gafgyt IoT malware targeting enterprises. Both botnets appear very interesting for two main reasons: The new Mirai variant targets the same Apache Struts vulnerability exploited in the 2017 Equifax data breach. The vulnerability affects the Jakarta Multipart parser upload […]

Pierluigi Paganini August 24, 2018
A new Cross-Platform Mirai Variant appeared in the wild

A new cross-platform Mirai variant appeared in the threat landscape, this one has been created using an open-source project. Security experts from Symantec have spotted a new cross-platform Mirai variant that has been created with an open-source project. Mirai malware first appeared in the wild in 2016 when the expert MalwareMustDie discovered it in massive […]

Pierluigi Paganini July 23, 2018
Experts warn of new campaigns leveraging Mirai and Gafgyt variants

Security experts are warning of an intensification of attacks powered by two notorious IoT botnets, Mirai and Gafgyt. Security experts are warning of a new wave of attacks powered by two botnets, Mirai and Gafgyt. Since the code of the infamous Mirai botnet was leaked online many variants emerged in the threat landscape. Satori, Masuta, Wicked Mirai, JenX, […]

Pierluigi Paganini June 17, 2018
Satori botnet is back again, experts observed a surge in port scan activity associated with it

This week, security experts observed a surge in port 8000 scan activity, researchers at  Qihoo 360 Netlab determined that the unusual activity was associated with Satori IoT botnet. Experts from Qihoo 360 Netlab discovered that the author of the Satori botnet have integrated a the proof-of-concept (PoC) code for the XionMai web server software package after it was […]

Pierluigi Paganini June 06, 2018
It’s not a joke, Owari botnet operators used root as username and password to access a C&C

Security expert Ankit Anubhav discovered a Command and Control server for the Owari botnet protected with weak credentials. An IoT botnet has been commandeered by white hats after its controllers used a weak username and password combination for its command-and-control server. Security expert Ankit Anubhav from Newsky Security discovered an IoT botnet that was controlled by […]

Pierluigi Paganini June 01, 2018
Crooks expand the original Mirai botnet code base with new capabilities and improvements

Cybercriminals continue to improve the infamous Mirai botnet by adding new exploits and functionalities, experts warn new dangerous variant will appear in the wild. According to Netscout’s Arbor Security Engineering and Response Team (ASERT), cybercriminals continue to improve the dreaded Mirai IoT botnet by adding new exploits and functionalities. The time to market of new Mirai botnet […]

Pierluigi Paganini May 19, 2018
Updated – The new Wicked Mirai botnet leverages at least three new exploits

Security experts from Fortinet have spotted a new variant of the Mirai botnet dubbed ‘Wicked Mirai’, it includes new exploits and spread a new bot. The name Wicked Mirai comes from the strings in the code, the experts discovered that this new variant includes at least three new exploits compared to the original one. “The […]

Pierluigi Paganini May 18, 2018
Satori Botnet is targeting exposed Ethereum mining pools running the Claymore mining software

While a new variant of the dreaded Mirai botnet, so-called Wicked Mirai, emerged in the wild the operators of the Mirai Satori botnet appear very active. Experts observed hackers using the Satori botnet to mass-scan the Internet for exposed Ethereum mining pools, they are scanning for devices with port 3333 exposed online. The port 3333 is a port […]