IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Mirai 'Okiru' botnet targets billions of ARC-based IoT devices

Researchers suggest the variant could 'change the landscape of Linux IoT infection'

A new variant of the Mirai malware attacking IoT devices using ARC-based processors has been discovered, considered to be the first of its kind with billions of potential targets.

The malware, known as 'Mirai Okiru', is thought to be a variant of the infamous Mirai botnet that hijacked hundreds of thousands of internet-enabled devices in 2016. Github, Twitter, Reddit, Netflix, Airbnb and others were taken down during the campaign, as well as DNS provider Dyn and services used by institutions such as Rutgers University.

Researchers at white hat security group MalwareMustDie, the same collective that first identified the Mirai malware, believe the variant has been specifically designed to attack devices using Argonaut RISC Core (ARC) embedded processors, shipped in more than 1.5 billion IoT devices each year.

An independent security researcher known as Odisseus on Twitter, who first raised the alarm to the new variant, said that the discovery would "change the landscape of Linux IoT infection".

What's particularly concerning is that it's thought to be the first of its kind to target ARC-embedded products, such as smart devices for use in the car or the home, infecting a range of devices previously considered immune. 

It's the latest attempt to create an altered version of the highly disruptive Mirai malware, the source code for which was released publicly online in 2016.

Last month hackers released the code for a separate Mirai variant known as Satori, which was used to exploit a zero-day vulnerability in a Huawei router model, infecting more than 280,000 devices in 12 hours.

It's not entirely clear how many devices are currently affected by the Okiru strain. Currently, only 20 of 58 leading antivirus suites are able to block the Okiru variant, according to VirusTotal, with tools such as Malwarebytes, Bitdefender, Webroot, and Microsoft's own scanners unable to detect the malware.

Barry Shteiman, director of threat research at Exabeam, said that the discovery should help analysts understand just how quickly IoT devices can be infected.

"There are likely more than 1.5 billion devices out there with ARC processors, enough to overwhelm the largest of networks," said Shteiman. "The best way to illuminate this attack risk is to monitor the behaviour of IoT devices in much the same way as actual human users. If you can't directly protect and manage the devices on your network, you must understand what normal behaviour for the devices looks like; then it's possible to get an early indication of when a device has been highjacked by hackers and is likely being used for malicious means."

Last month, three hackers in their early 20s admitted to being behind the original Mirai malware following an FBI investigation.

Picture: Shutterstock

Featured Resources

Four strategies for building a hybrid workplace that works

All indications are that the future of work is hybrid, if it's not here already

Free webinar

The digital marketer’s guide to contextual insights and trends

How to use contextual intelligence to uncover new insights and inform strategies

Free Download

Ransomware and Microsoft 365 for business

What you need to know about reducing ransomware risk

Free Download

Building a modern strategy for analytics and machine learning success

Turning into business value

Free Download

Recommended

Hackers could use new Wslink malware in highly targeted cyber attacks
malware

Hackers could use new Wslink malware in highly targeted cyber attacks

1 Nov 2021
FBI raids Chinese POS business following cyber attack claims
malware

FBI raids Chinese POS business following cyber attack claims

27 Oct 2021
Malware developers create malformed code signatures to avoid detection
malware

Malware developers create malformed code signatures to avoid detection

24 Sep 2021
New malware uses search engine ads to target pirate gamers
malware

New malware uses search engine ads to target pirate gamers

21 Jul 2021

Most Popular

Windows Server admins say latest Patch Tuesday broke authentication policies
Server & storage

Windows Server admins say latest Patch Tuesday broke authentication policies

12 May 2022
16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

13 May 2022
How full-stack observability can accelerate IT innovation
Sponsored

How full-stack observability can accelerate IT innovation

3 May 2022