A new trojan named Mirai has surfaced. It targets Linux servers and IoT devices running Linux-based firmware, mainly DVRs, with the goal of enslaving these systems in a large botnet used to launch DDoS attacks.
According to security researcher MalwareMustDie! (MMD), Mirai is an evolution of an older trojan, also used for DDoS attacks, known under many names, such as Gafgyt, Lizkebab, BASHLITE, Bash0day, Bashdoor, and Torlus.
Mirai’s predecessor is no joke. According to a Level 3 report from last week, Gafgyt has infected over one million IoT devices over the past months, and there’s one crook running a Gafgyt-powered botnet of over 120,000 bots.
Mirai’s mode of operation is largely the same as Gafgyt’s: it targets IoT devices running BusyBox, a slimmed-down version of select GNU tools and libraries, usually deployed on small embedded hardware.
The trojan also targets only a specific set of platforms, such as ARM, ARM7, MIPS, PPC, SH4, SPARC, and x86, on which IoT devices are usually built.
Submitted by: Arnfried Walbrecht