LuaBot falls into the same category as Mirai because its primary purpose is to compromise Linux systems, IoT devices or web servers, and add them as bots inside a bigger botnet controlled by the attacker.
At the moment, the LuaBot trojan is packed as an ELF binary that targets ARM platforms, usually found in embedded (IoT) devices. Based on MalwareMustDie’s experience, this seems to be the first Lua-based malware family packed as an ELF binary spreading to Linux platforms.
An initial analysis by MalwareMustDie didn’t uncover any malicious functionality beyond the capability of adding devices to a centrally controlled botnet. One day after publishing his research on LuaBot, MalwareMustDie received an extra sample, a LuaBot module which, when installed, granted LuaBot the ability to carry out Layer 7 DDoS attacks.
Unlike Mirai, which is the fruit of a two-year-long coding frenzy, LuaBot is in its early stages of development, with the first detection being reported only a week ago and a zero detection rate on VirusTotal for current samples.
Submitted by: Arnfried Walbrecht