Mirai Botnet

News Mjolnir Security / June 1, 2022


Mirai (malware) has been around since 2016. It was first identified as a botnet by MalwareMustDie in August of that year, and it gained prominent attention when it was used to attack Brian Krebs’s website. Later that year, the source code for the botnet was released, and it continues to spread through various iterations.

Brute-force attacks to log in to internet-connected devices are the most preferred method for spreading the various Mirai variants. We have identified that the variants are now going for devices with high-bandwidth, low-latency internet connections and higher computing power, which now requires new methods for compromise, moving away from smart devices to more powerful Linux-running devices.

Many of the original Mirai features have made their way to existing variants, such as:

  • self-deleting the executable
  • changing the process name and the command line to avoid detection
  • preventing system reboot
  • stopping processes associated with remote administration tools like SSH and Telnet
  • stopping “competing” malware processes

Newer variants, however, have slightly different implementations or add new exploit capabilities to increase the attack surface.

Earlier this year, the Spring4Shell flaw was exploited by the Mirai botnet to start a resurgence.

Trend Micro researchers observed bad actors weaponizing the Spring4Shell vulnerability, tracked as CVE-2022-22965, to run Mirai malware on vulnerable servers in the Singapore region.

By exploiting the flaw, attackers can download a Mirai sample to the “/tmp” folder on a server and execute it after using “chmod” to change its permissions and make it executable. Chmod is a command and system call in Unix and Unix-like systems used to change the access permissions of file system objects, known as “modes.”
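The download, chmod, execute sequence described above leaves a recognizable trail in process-execution telemetry. The following Python detection is an added example, not code from Mjolnir Security or Trend Micro; the event format, the sample records, the host name and the 300-second correlation window are constructed assumptions.

```python
import re
import shlex

# Constructed sample: (epoch seconds, command line) records, shaped like what
# auditd EXECVE or EDR process telemetry would yield. Not from a real incident.
SAMPLE_EVENTS = [
    (1000, "wget -q http://files.example.invalid/update -O /tmp/update"),
    (1002, "chmod 777 /tmp/update"),
    (1003, "/tmp/update"),                  # chmod then run within window: alert
    (1100, "chmod 644 /tmp/report.txt"),    # no execute bit: ignored
    (1200, "curl -s -o /tmp/tool http://files.example.invalid/tool"),
    (1205, "chmod +x /tmp/tool"),           # never executed: no alert
    (5000, "chmod +x /tmp/old.sh"),
    (9000, "/tmp/old.sh"),                  # outside the window: no alert
]

STAGING_DIR = "/tmp/"
WINDOW_SECONDS = 300  # assumed correlation window


def grants_exec(mode):
    """True if a chmod mode argument sets any execute bit (octal or symbolic)."""
    if re.fullmatch(r"[0-7]{3,4}", mode):
        return any(int(digit) & 1 for digit in mode[-3:])
    return bool(re.search(r"[+=][rwXst]*x", mode))


def find_drop_and_run(events):
    """Return [(path, chmod_time, exec_time)] for /tmp files made executable, then run."""
    made_exec = {}  # path -> time of the chmod that set an execute bit
    hits = []
    for ts, cmdline in sorted(events):
        argv = shlex.split(cmdline)
        if not argv:
            continue
        if argv[0].rsplit("/", 1)[-1] == "chmod":
            # Drop common option flags so args[0] is the mode argument.
            args = [a for a in argv[1:] if not re.fullmatch(r"--[\w-]+|-[Rcfv]+", a)]
            if len(args) >= 2 and grants_exec(args[0]):
                for path in args[1:]:
                    if path.startswith(STAGING_DIR):
                        made_exec[path] = ts
        elif argv[0] in made_exec and ts - made_exec[argv[0]] <= WINDOW_SECONDS:
            hits.append((argv[0], made_exec.pop(argv[0]), ts))
    return hits


if __name__ == "__main__":
    for path, chmod_ts, exec_ts in find_drop_and_run(SAMPLE_EVENTS):
        print(f"ALERT {path}: made executable at {chmod_ts}, executed at {exec_ts}")
```

Only direct execution by absolute path is matched; runs through an interpreter or a relative path need the working directory and parent process from the telemetry source.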

We have been tracking the spread of Mirai botnet globally and have noticed a spike that doesn’t show signs of slowing down. This is a breakdown of the spread we have seen since the beginning of the year:

Spread of infections

You can watch live updates on the botnet through our dashboard here:

Written by: Mjolnir Security

