Mirai 'Okiru' botnet targets billions of ARC-based IoT devices

Researchers suggest the variant could 'change the landscape of Linux IoT infection'

A new variant of the Mirai malware attacking IoT devices using ARC-based processors has been discovered, considered to be the first of its kind with billions of potential targets.

The malware, known as 'Mirai Okiru', is thought to be a variant of the infamous Mirai botnet that hijacked hundreds of thousands of internet-enabled devices in 2016. Github, Twitter, Reddit, Netflix, Airbnb and others were taken down during the campaign, as well as DNS provider Dyn and services used by institutions such as Rutgers University.

Researchers at white hat security group MalwareMustDie, the same collective that first identified the Mirai malware, believe the variant has been specifically designed to attack devices using Argonaut RISC Core (ARC) embedded processors, shipped in more than 1.5 billion IoT devices each year.

An independent security researcher known as Odisseus on Twitter, who first raised the alarm to the new variant, said that the discovery would "change the landscape of Linux IoT infection".

What's particularly concerning is that it's thought to be the first of its kind to target ARC-embedded products, such as smart devices for use in the car or the home, infecting a range of devices previously considered immune. 

It's the latest attempt to create an altered version of the highly disruptive Mirai malware, the source code for which was released publicly online in 2016.

Last month hackers released the code for a separate Mirai variant known as Satori, which was used to exploit a zero-day vulnerability in a Huawei router model, infecting more than 280,000 devices in 12 hours.

It's not entirely clear how many devices are currently affected by the Okiru strain. Currently, only 20 of 58 leading antivirus suites are able to block the Okiru variant, according to VirusTotal, with tools such as Malwarebytes, Bitdefender, Webroot, and Microsoft's own scanners unable to detect the malware.

Barry Shteiman, director of threat research at Exabeam, said that the discovery should help analysts understand just how quickly IoT devices can be infected.

"There are likely more than 1.5 billion devices out there with ARC processors, enough to overwhelm the largest of networks," said Shteiman. "The best way to illuminate this attack risk is to monitor the behaviour of IoT devices in much the same way as actual human users. If you can't directly protect and manage the devices on your network, you must understand what normal behaviour for the devices looks like; then it's possible to get an early indication of when a device has been highjacked by hackers and is likely being used for malicious means."

Last month, three hackers in their early 20s admitted to being behind the original Mirai malware following an FBI investigation.

Picture: Shutterstock

Featured Resources

Choosing a collaboration platform

Eight questions every IT leader should ask

Download now

Performance benchmark: PostgreSQL/ MongoDB

Helping developers choose a database

Download now

Customer service vs. customer experience

Three-step guide to modern customer experience

Download now

Taking a proactive approach to cyber security

A complete guide to penetration testing

Download now

Recommended

HackBoss malware is using Telegram to steal cryptocurrency from other hackers
cryptocurrencies

HackBoss malware is using Telegram to steal cryptocurrency from other hackers

16 Apr 2021
Weakness in Mamba ransomware could help recover data
ransomware

Weakness in Mamba ransomware could help recover data

26 Mar 2021
Invoice ZLoader campaign hides within encrypted Excel docs
malware

Invoice ZLoader campaign hides within encrypted Excel docs

8 Mar 2021

Most Popular

Microsoft is submerging servers in boiling liquid to prevent Teams outages
data centres

Microsoft is submerging servers in boiling liquid to prevent Teams outages

7 Apr 2021
How to find RAM speed, size and type
Laptops

How to find RAM speed, size and type

8 Apr 2021
UK exploring plans to launch its own digital currency
digital currency

UK exploring plans to launch its own digital currency

19 Apr 2021