Security researchers from Palo Alto Networks have discovered a new variant of the notorious Mirai botnet that targets 13 vulnerabilities in IoT devices connected to Linux servers, with the aim of using them in denial-of-service attacks.
Once vulnerable devices are compromised by the variant, known as V3G4, attackers have complete control over them, and the devices become part of a botnet that can be used to launch further attacks.
Researchers at Palo Alto Networks Unit 42 observed the malware in three separate campaigns and say they tracked its activity between July and December 2022.
The researchers believe all three campaigns are the work of the same party because they tie the targeted machines to the same address. In their report on the new variant, they say it may be less complex than previously observed variants but still has serious security implications that could lead to remote code execution.
The feature that sets V3G4 apart from most Mirai variants is that it uses four different XOR encryption keys instead of just one, which makes it more difficult to reverse engineer the malicious code and break down its functionality.
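The following added example (not code from Unit 42 or from the malware) shows, from an analyst's side, why several XOR keys slow down string recovery: a decoder that assumes one table-wide key recovers only part of the table, while per-entry key recovery gets all of it. The keys, strings, single-byte key size and the NUL-terminated entry layout are assumptions constructed for illustration.

```python
from collections import Counter

# Constructed sample data: keys and strings are invented for this example,
# not taken from V3G4. Assumptions: single-byte keys, and each entry is stored
# with its NUL terminator encoded, so the last byte of an entry equals its key.
KEYS = [0x22, 0x5A, 0x91, 0xC7]
STRINGS = ["c2.example.invalid", "/dev/watchdog", "scan result", "report ok",
           "GET /status HTTP/1.1", "connection timeout", "/proc/net/tcp", "shell"]


def xor_bytes(data: bytes, key: int) -> bytes:
    return bytes(b ^ key for b in data)


def build_table():
    """Encode each string (plus NUL) with one of the four keys, round-robin."""
    return [xor_bytes(s.encode() + b"\x00", KEYS[i % 4]) for i, s in enumerate(STRINGS)]


def try_key(entry: bytes, key: int):
    """Return the decoded string if `key` yields a printable C string, else None."""
    plain = xor_bytes(entry, key)
    if plain[-1] == 0 and all(0x20 <= b < 0x7F for b in plain[:-1]):
        return plain[:-1].decode("ascii")
    return None


def decode_single_key(table, key):
    """Analyst assumes one table-wide key: entries under other keys stay opaque."""
    return [try_key(entry, key) for entry in table]


def decode_per_entry(table):
    """Recover a key per entry from the encoded terminator, then validate it."""
    out = []
    for entry in table:
        key = entry[-1]  # 0x00 ^ key == key
        out.append((key, try_key(entry, key)))
    return out


if __name__ == "__main__":
    table = build_table()
    print(decode_single_key(table, KEYS[0]))      # most entries come back as None
    recovered = decode_per_entry(table)
    print(Counter(key for key, _ in recovered))   # four distinct keys in use
    for key, text in recovered:
        print(f"0x{key:02x}  {text}")
```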
To protect devices from infections such as the Mirai botnet, experts recommend always changing the default passwords of IoT devices and installing the latest security updates.
In October 2016, the Mirai botnet disrupted nearly half of the global internet after launching a massive denial-of-service attack against Dyn, the DNS provider for dozens of popular websites.