Mirai Trojan aims to hit Linux-based IoT devices
While a lot of ransomware and malware targeted desktops in the past, a new Trojan has emerged to hit Linux-based IoT devices in an uncomplicated way. Codenamed Mirai, the Trojan performs DDoS attacks to silently infect connected devices.
MalwareMustDie researchers spotted the Mirai Trojan. It previously entered the malware domain under names such as Gafgyt, Lizkebab, BASHLITE and Torlus.
“Some cases of the Linux/Mirai infection are showing traces that the malware was executed without parameter, and there are cases where the downloaded malware file(s) is deleted after execution. In this case, mostly, you won’t get the samples unless you dump the malware process to the ELF binary,” one of the researchers wrote in a blog post.
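When a running program's file has been deleted, as the researcher describes, Linux marks the process's `/proc/<pid>/exe` link with a trailing ` (deleted)` while the image itself stays readable through that link. The following is an added example, not code from this article or from the MalwareMustDie post, that lists such processes and copies the image out for analysis; the function names and the `pid<N>.elf` output name are assumptions.

```python
import hashlib
import os

DELETED_SUFFIX = " (deleted)"  # the kernel appends this to an unlinked exe target


def find_deleted_exe_processes(proc_root="/proc"):
    """Return [(pid, exe_target, argv)] for processes whose binary was unlinked."""
    hits = []
    for entry in sorted(filter(str.isdigit, os.listdir(proc_root)), key=int):
        pid_dir = os.path.join(proc_root, entry)
        try:
            target = os.readlink(os.path.join(pid_dir, "exe"))
        except OSError:
            continue  # kernel thread, exited process, or insufficient privilege
        if not target.endswith(DELETED_SUFFIX):
            continue
        try:
            with open(os.path.join(pid_dir, "cmdline"), "rb") as fh:
                raw = fh.read()
        except OSError:
            raw = b""
        argv = [a.decode(errors="replace") for a in raw.split(b"\0") if a]
        hits.append((int(entry), target, argv))
    return hits


def recover_binary(pid, out_dir, proc_root="/proc"):
    """Copy the image behind /proc/<pid>/exe to out_dir; return (path, sha256)."""
    src = os.path.join(proc_root, str(pid), "exe")
    dst = os.path.join(out_dir, f"pid{pid}.elf")  # assumed naming scheme
    digest = hashlib.sha256()
    with open(src, "rb") as fin:
        if fin.read(4) != b"\x7fELF":
            raise ValueError(f"pid {pid}: image does not start with the ELF magic")
        fin.seek(0)
        with open(dst, "wb") as fout:
            for chunk in iter(lambda: fin.read(65536), b""):
                digest.update(chunk)
                fout.write(chunk)
    os.chmod(dst, 0o400)  # keep the sample read-only and non-executable
    return dst, digest.hexdigest()


if __name__ == "__main__":
    # Run as root on the suspect host; unprivileged runs only see own processes.
    for pid, target, argv in find_deleted_exe_processes():
        print(pid, target, argv)
```

A binary replaced by a package upgrade while its process keeps running produces the same marker, so treat a hit as a lead to triage rather than a verdict.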
The DDoS Trojan aims to hit IoT devices with platforms like ARM, MIPS, PPC, SH4, SPARC and x86. It also targets hardware with the BusyBox GNU library.
MalwareMustDie researchers first spotted the ‘/dvrHelper’ string in the Mirai code. This suggests that the malware is targeting DVRs and IP cameras. But the Trojan could also let attackers access unattended Linux servers using the same structure. Additionally, Linux devices based on the x86-32 architecture are not considered a priority for the DDoS Trojan, as most of the samples are built for ARM chips.
Users are advised to apply security measures to their devices to protect themselves from Mirai. Moreover, server administrators and sysadmins can deploy mitigations at their end to filter brute-force traffic from the newest malware.