Security

New Mirai Botnet Variant Expands the IoT Targeting Even Further

Written by Bill Toulas
Last updated September 23, 2021

Mirai’s perseverance continues in 2021, as the nasty botnet that has been plaguing IoTs around the globe since 2016 has had yet another target-expanding update. We have seen that happening again and again, with new Mirai botnet variants adding exploits for routers, presentation devices, smart TVs, and video recorders.

This time, we have a generic expansion into the networking equipment space. Based on the reports of Unit 42 researchers who discovered the new sample last month, the new Mirai variant has added the following exploits:

In some cases, the actors incorporated the exploits mere hours after the associated vulnerabilities had been published, underlining the authors' readiness in a clear way. The focus of the actors is obviously on critical or at least high severity flaws that can trigger remote code execution conditions, so Mirai remains a very dangerous botnet.

Source: Unit42

From the point of C2 infrastructure, Unit42 researchers noticed that the actors were changing URLs every week, and each time, the distribution lasted for three days or less. As for the binaries that are fetched from these URLs, these are the following:

Source: Unit42

To protect your IoTs and by extension yourself against Mirai, apply all available firmware updates on your devices, change the default credentials to something strong and unique, set up a separate network for them and isolate them from your most critical machines, and finally, simply take all IoTs offline when you’re not using them.

There's already a fixing patch available out there for all the vulnerabilities that are being exploited by Mirai right now, so updating your devices should do the trick. Until today, we have seen no Mirai variants incorporating zero-days, which would make the situation a lot different. In any case, the fact that Mirai’s authors are moving instantaneously underlines the need to patch as quickly as possible every time a new update is out.



For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: