Mirai 'Okiru' botnet targets billions of ARC-based IoT devices

Researchers suggest the variant could 'change the landscape of Linux IoT infection'

A new variant of the Mirai malware attacking IoT devices using ARC-based processors has been discovered, considered to be the first of its kind with billions of potential targets.

The malware, known as 'Mirai Okiru', is thought to be a variant of the infamous Mirai botnet that hijacked hundreds of thousands of internet-enabled devices in 2016. Github, Twitter, Reddit, Netflix, Airbnb and others were taken down during the campaign, as well as DNS provider Dyn and services used by institutions such as Rutgers University.

Researchers at white hat security group MalwareMustDie, the same collective that first identified the Mirai malware, believe the variant has been specifically designed to attack devices using Argonaut RISC Core (ARC) embedded processors, shipped in more than 1.5 billion IoT devices each year.

Advertisement - Article continues below

An independent security researcher known as Odisseus on Twitter, who first raised the alarm to the new variant, said that the discovery would "change the landscape of Linux IoT infection".

What's particularly concerning is that it's thought to be the first of its kind to target ARC-embedded products, such as smart devices for use in the car or the home, infecting a range of devices previously considered immune. 

It's the latest attempt to create an altered version of the highly disruptive Mirai malware, the source code for which was released publicly online in 2016.

Advertisement
Advertisement - Article continues below

Last month hackers released the code for a separate Mirai variant known as Satori, which was used to exploit a zero-day vulnerability in a Huawei router model, infecting more than 280,000 devices in 12 hours.

It's not entirely clear how many devices are currently affected by the Okiru strain. Currently, only 20 of 58 leading antivirus suites are able to block the Okiru variant, according to VirusTotal, with tools such as Malwarebytes, Bitdefender, Webroot, and Microsoft's own scanners unable to detect the malware.

Advertisement - Article continues below

Barry Shteiman, director of threat research at Exabeam, said that the discovery should help analysts understand just how quickly IoT devices can be infected.

"There are likely more than 1.5 billion devices out there with ARC processors, enough to overwhelm the largest of networks," said Shteiman. "The best way to illuminate this attack risk is to monitor the behaviour of IoT devices in much the same way as actual human users. If you can't directly protect and manage the devices on your network, you must understand what normal behaviour for the devices looks like; then it's possible to get an early indication of when a device has been highjacked by hackers and is likely being used for malicious means."

Last month, three hackers in their early 20s admitted to being behind the original Mirai malware following an FBI investigation.

Picture: Shutterstock

Featured Resources

Preparing for long-term remote working after COVID-19

Learn how to safely and securely enable your remote workforce

Download now

Cloud vs on-premise storage: What’s right for you?

Key considerations driving document storage decisions for businesses

Download now

Staying ahead of the game in the world of data

Create successful marketing campaigns by understanding your customers better

Download now

Transforming productivity

Solutions that facilitate work at full speed

Download now
Advertisement

Recommended

Visit/mobile/google-android/356373/over-2-dozen-additional-android-apps-found-stealing-user-data
Google Android

Over two dozen Android apps found stealing user data

7 Jul 2020
Visit/antivirus/28144/best-antivirus
antivirus

Best antivirus for Windows 10

30 Jun 2020
Visit/security/hacking/356152/searching-for-a-new-job-that-linkedin-job-offer-may-be-fake
hacking

Searching for a new job? That LinkedIn job offer may be fake

19 Jun 2020
Visit/security/malware/355093/evasive-malware-threats-are-surging
malware

Evasive malware threats doubled in 2019

24 Mar 2020

Most Popular

Visit/laptops/29190/how-to-find-ram-speed-size-and-type
Laptops

How to find RAM speed, size and type

24 Jun 2020
Visit/business/business-operations/356395/nvidia-overtakes-intel-as-most-valuable-us-chipmaker
Business operations

Nvidia overtakes Intel as most valuable US chipmaker

9 Jul 2020
Visit/mobile/google-android/356373/over-2-dozen-additional-android-apps-found-stealing-user-data
Google Android

Over two dozen Android apps found stealing user data

7 Jul 2020