Mirai Botnet Expands Array of Targeted System Processors

According to a recent report by security researchers with Unit 42 of Palo Alto Networks, newly compiled versions of the Mirai botnet malware are making the rounds. This time around, Mirai is diversifying to target a wider range of embedded system processors.

Newly compiled versions of the Mirai malware now target Altera Nios II, Tensilica Xtensa, OpenRISC as well as Xilinx MicroBlaze chips. This attempt at diversification should not be too surprising, given that Mirai was open sourced back in 2016 and any jumped-up script kiddie can try compiling it for new hardware. This is not the first time Mirai has targeted IoT devices. Back in 2016 the botnet was behind a massive distributed denial of service (DDoS) attack that crippled Internet servers in the US. The majority of the devices used in that DDoS attack were CCTV cameras that Mirai was piggybacking on. More recently, security researchers discovered Mirai compiled for ARC International processors. The bad actors interested in exploiting IoT devices are clearly always on the lookout for more devices they can hook into the botnet.
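For defenders sorting captured samples, the target processor can be read straight from the ELF header. The sketch below is an added example, not code from the Unit 42 report or this article: it flags ELF files built for the architectures named above. The `e_machine` numbers come from the ELF specification (`elf.h`); the function names and sample headers are constructed for illustration.

```python
import struct

# e_machine values from elf.h for the architectures named in the article
EM_NAMES = {
    45: "ARC",
    92: "OpenRISC",
    93: "ARC Compact",
    94: "Tensilica Xtensa",
    113: "Altera Nios II",
    189: "Xilinx MicroBlaze",
    195: "ARC Compact 2",
}

def elf_machine(header: bytes):
    """Return (e_machine, bits, byte order) or None if this is not an ELF header."""
    if len(header) < 20 or header[:4] != b"\x7fELF":
        return None
    ei_class, ei_data = header[4], header[5]
    if ei_class not in (1, 2) or ei_data not in (1, 2):
        return None  # corrupt or deliberately mangled e_ident
    # e_machine is stored in the file's own byte order, so honour EI_DATA;
    # OpenRISC binaries are big-endian, Nios II binaries little-endian.
    endian = "<" if ei_data == 1 else ">"
    _e_type, e_machine = struct.unpack_from(endian + "HH", header, 16)
    return e_machine, 32 if ei_class == 1 else 64, "little" if ei_data == 1 else "big"

def triage(header: bytes) -> str:
    """Classify a file by the first 20 bytes of its content."""
    info = elf_machine(header)
    if info is None:
        return "not ELF"
    machine, bits, order = info
    name = EM_NAMES.get(machine)
    if name:
        return f"flag: {name} ({bits}-bit, {order}-endian)"
    return f"other: e_machine={machine}"

def make_header(ei_data: int, machine: int) -> bytes:
    """Build a constructed 32-bit ELF header prefix for testing (not a real sample)."""
    endian = "<" if ei_data == 1 else ">"
    e_ident = b"\x7fELF" + bytes([1, ei_data, 1]) + b"\x00" * 9
    return e_ident + struct.pack(endian + "HH", 2, machine)

if __name__ == "__main__":
    for hdr in (make_header(1, 113), make_header(2, 92), make_header(1, 62), b"MZ\x90\x00"):
        print(triage(hdr))
```

A match only says which processor the binary was built for; it does not identify the file as Mirai.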

The newly targeted chips are only one of the changes in the Mirai malware. The botnet gained new functionality as well. The standard byte-wise XOR encryption in older Mirai versions has been updated and improved. The updated code also includes a new method for DDoS attacks. However, the researchers found that this method uses the same parameters as the older compiles, which leaves the purpose of this particular update unclear.

In a March report, Palo Alto discovered Mirai was targeting LG Supersign TV sets as well as wireless presentation devices, with 11 new exploits added to Mirai's arsenal. The botnet's growing potential footprint is worrying news, as the added functionality to break into corporate devices could afford even more bandwidth for future DDoS attacks.
