Mirai 'Okiru' botnet targets billions of ARC-based IoT devices

Researchers suggest the variant could 'change the landscape of Linux IoT infection'

A new variant of the Mirai malware attacking IoT devices using ARC-based processors has been discovered, considered to be the first of its kind with billions of potential targets.

The malware, known as 'Mirai Okiru', is thought to be a variant of the infamous Mirai botnet that hijacked hundreds of thousands of internet-enabled devices in 2016. Github, Twitter, Reddit, Netflix, Airbnb and others were taken down during the campaign, as well as DNS provider Dyn and services used by institutions such as Rutgers University.

Researchers at white hat security group MalwareMustDie, the same collective that first identified the Mirai malware, believe the variant has been specifically designed to attack devices using Argonaut RISC Core (ARC) embedded processors, shipped in more than 1.5 billion IoT devices each year.

An independent security researcher known as Odisseus on Twitter, who first raised the alarm to the new variant, said that the discovery would "change the landscape of Linux IoT infection".

What's particularly concerning is that it's thought to be the first of its kind to target ARC-embedded products, such as smart devices for use in the car or the home, infecting a range of devices previously considered immune. 

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

It's the latest attempt to create an altered version of the highly disruptive Mirai malware, the source code for which was released publicly online in 2016.

Last month hackers released the code for a separate Mirai variant known as Satori, which was used to exploit a zero-day vulnerability in a Huawei router model, infecting more than 280,000 devices in 12 hours.

It's not entirely clear how many devices are currently affected by the Okiru strain. Currently, only 20 of 58 leading antivirus suites are able to block the Okiru variant, according to VirusTotal, with tools such as Malwarebytes, Bitdefender, Webroot, and Microsoft's own scanners unable to detect the malware.

Barry Shteiman, director of threat research at Exabeam, said that the discovery should help analysts understand just how quickly IoT devices can be infected.

"There are likely more than 1.5 billion devices out there with ARC processors, enough to overwhelm the largest of networks," said Shteiman. "The best way to illuminate this attack risk is to monitor the behaviour of IoT devices in much the same way as actual human users. If you can't directly protect and manage the devices on your network, you must understand what normal behaviour for the devices looks like; then it's possible to get an early indication of when a device has been highjacked by hackers and is likely being used for malicious means."

Advertisement - Article continues below

Last month, three hackers in their early 20s admitted to being behind the original Mirai malware following an FBI investigation.

Picture: Shutterstock

Featured Resources

What you need to know about migrating to SAP S/4HANA

Factors to assess how and when to begin migration

Download now

Your enterprise cloud solutions guide

Infrastructure designed to meet your company's IT needs for next-generation cloud applications

Download now

Testing for compliance just became easier

How you can use technology to ensure compliance in your organisation

Download now

Best practices for implementing security awareness training

How to develop a security awareness programme that will actually change behaviour

Download now
Advertisement

Recommended

Visit/malware/33080/hackers-abuse-linkedin-dms-to-plant-malware
malware

Hackers abuse LinkedIn DMs to plant malware

25 Feb 2019
Visit/security/malware/28083/the-five-best-free-malware-removal-tools
Security

Best free malware removal tools 2019

23 Dec 2019
Visit/antivirus/28144/best-antivirus
antivirus

Best antivirus for Windows 10

3 Sep 2019

Most Popular

Visit/policy-legislation/data-governance/354496/brexit-security-talks-under-threat-after-uk-accused-of
data governance

Brexit security talks under threat after UK accused of illegally copying Schengen data

10 Jan 2020
Visit/operating-systems/microsoft-windows/354526/memes-and-viking-funerals-the-internet-reacts-to-the
Microsoft Windows

Memes and Viking funerals: The internet reacts to the death of Windows 7

14 Jan 2020
Visit/microsoft-windows/32066/what-to-do-if-youre-still-running-windows-7
Microsoft Windows

What to do if you're still running Windows 7

14 Jan 2020
Visit/network-internet/broadband/354530/openreach-offers-free-full-fibre-installation-for-thousands-of
broadband

Openreach offers free full-fibre installation for thousands of homes

14 Jan 2020