Since its appearance, the Mirai botnet has given rise to several new variants. The growing number of variants, armed with the ability to target IoT devices, has become a major concern for security experts.
- Researchers have discovered four new variants of the Mirai botnet in two recently discovered campaigns. These variants leveraged exploits for two command injection vulnerabilities as attack vectors to deliver the malware.
- The first exploit targeted a command injection vulnerability in a web service with an NTP server setting feature, while the second exploit was associated with a flaw in HTTP request headers.
- All four new variants had the functionality needed to launch DDoS attacks, although variant number four was deemed the most dangerous of the four.
Additionally:
- Ttint, a variant of Mirai, was uncovered in the first week of October launching attacks against Tenda routers.
- One of a kind, the variant came with DDoS capabilities along with RAT and spyware functions.
- Along with 12 RAT instructions and 22 custom C2 commands, Ttint can carry out 10 typical Mirai DDoS attack instructions.
- During the same period, researchers also spotted an attack leveraging the Demonbot variant of Mirai, along with the second variant of Mirai developed by Scarface.
- Launched by the Priority threat actor group, the attack vigorously scanned ports 5500, 5501, 5502, 5050, and 60001 to gain access to devices.
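One way to watch for the port-scanning pattern in the last item, as an added example that is not from the original article or the researchers: it flags any source that probes several of the listed ports. The log format, field names, thresholds and addresses are constructed assumptions.

```python
from collections import defaultdict

# Ports the article reports being scanned in this campaign.
WATCHED_PORTS = {5500, 5501, 5502, 5050, 60001}

# Constructed sample in an assumed "timestamp SRC=.. DST=.. DPT=.. ACTION" format.
SAMPLE_LOG = """\
2024-01-01T00:00:01Z SRC=198.51.100.23 DST=192.0.2.10 DPT=5500 DROP
2024-01-01T00:00:01Z SRC=198.51.100.23 DST=192.0.2.10 DPT=5501 DROP
2024-01-01T00:00:02Z SRC=198.51.100.23 DST=192.0.2.11 DPT=5502 DROP
2024-01-01T00:00:02Z SRC=203.0.113.7 DST=192.0.2.10 DPT=5050 ACCEPT
2024-01-01T00:00:03Z SRC=198.51.100.23 DST=192.0.2.11 DPT=60001 DROP
2024-01-01T00:00:03Z SRC=203.0.113.9 DST=192.0.2.10 DPT=443 ACCEPT
garbage line without fields
2024-01-01T00:00:04Z SRC=198.51.100.23 DST=192.0.2.12 DPT=5050 DROP
"""

def parse_line(line):
    """Return (src, dst, dport), or None for lines that do not match the format."""
    fields = dict(p.split("=", 1) for p in line.split() if "=" in p)
    try:
        return fields["SRC"], fields["DST"], int(fields["DPT"])
    except (KeyError, ValueError):
        return None

def find_scanners(log_text, min_ports=3):
    """Map each source that touched >= min_ports watched ports to what it probed."""
    ports, hosts = defaultdict(set), defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec[2] not in WATCHED_PORTS:
            continue  # malformed line or a port outside the watch list
        src, dst, dport = rec
        ports[src].add(dport)
        hosts[src].add(dst)
    return {
        src: {"ports": sorted(ports[src]), "hosts": sorted(hosts[src])}
        for src in ports
        if len(ports[src]) >= min_ports
    }

if __name__ == "__main__":
    for src, seen in find_scanners(SAMPLE_LOG).items():
        print(f"{src} probed ports {seen['ports']} on {len(seen['hosts'])} host(s)")
```

A single connection to one watched port stays below the threshold, so a device that legitimately uses one of these ports does not trigger an alert on its own.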
A resurgence of Mirai-based malware, capable of building large botnets through the exploitation of vulnerable IoT devices, has been noticed. This resurgence has also contributed to the rise in the number of DDoS attacks in the past months as compared to last year.
Ttint’s additional capability of turning itself into a RAT marks a change for the Mirai world.