New Mirai samples have been discovered compiled for processors/architectures not previously seen, researchers said.
Despite the source code being publicly released in October of 2016, the malware has, until now, only been found targeting a fixed set of processors/architectures, said researchers at Palo Alto Networks’ Unit 42.
Unit 42 has found the newly discovered samples are compiled for Altera Nios II, OpenRISC, Tensilica Xtensa, and Xilinx MicroBlaze processors.
“This is not the first time Mirai has been expanded for new processor architectures, samples targeting ARC CPUs were discovered in January 2018,” said Ruchna Nigam, Unit 42 senior threat researcher, in a post. “Yet this development shows that Mirai developers continue to actively innovate, targeting a growing array of IoT devices.”
The malware gained notoriety in 2016 for its use in massive denial of service attacks on Dyn and the website of security blogger Brian Krebs. The latest discovery could mean Mirai attackers would have access to additional firepower for use in denial of service attacks, Nigam said.
To protect against Mirai and other threats, organizations should make securing their IoT devices with the latest updates and non-default passwords a priority, Nigam said.
In addition to being compiled for these new architectures, Unit 42 found these new samples contain the following new features:
• Encryption algorithm: These samples make use of a modified version of the standard byte-wise XOR (as implemented in the toggle_obf function) used in the original Mirai source code.
• attack_method_ovh: The samples include a DDoS attack option
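For analysts decoding configuration strings, the sketch below shows why a byte-wise XOR of this kind collapses to a single effective key byte and how that byte can be recovered from a known substring when a variant changes the key. It is an added example, not code from Unit 42 or from the samples; the report does not describe the modification, so the variant key, the plaintext and the helper names other than toggle_obf are constructed for illustration.

```python
from __future__ import annotations
from functools import reduce

ORIGINAL_TABLE_KEY = 0xDEADBEEF  # table_key in the publicly released Mirai source


def effective_key(key_bytes: bytes) -> int:
    """XORing a byte with k1, k2, ... kn in turn equals one XOR with k1^k2^...^kn."""
    return reduce(lambda a, b: a ^ b, key_bytes, 0)


def toggle_obf(data: bytes, key_bytes: bytes) -> bytes:
    """Byte-wise XOR with every key byte; applying it twice restores the input."""
    k = effective_key(key_bytes)
    return bytes(b ^ k for b in data)


def recover_key(blob: bytes, crib: bytes) -> list[int]:
    """Return every single-byte key under which `crib` appears in the decoded blob."""
    return [k for k in range(256) if crib in bytes(b ^ k for b in blob)]


def decode_with_crib(blob: bytes, crib: bytes) -> bytes | None:
    """Decode only when exactly one key fits; no match or an ambiguous match gives None."""
    keys = recover_key(blob, crib)
    if len(keys) != 1:
        return None
    return bytes(b ^ keys[0] for b in blob)


# Constructed sample data: one entry obfuscated with the original key, one with a
# hypothetical changed key standing in for a variant (not taken from any sample).
ORIG_KEY = ORIGINAL_TABLE_KEY.to_bytes(4, "big")
VARIANT_KEY = bytes.fromhex("0102030405060718")  # hypothetical, constructed
PLAINTEXT = b"/proc/net/tcp\x00"                 # constructed plaintext
BLOB_ORIG = toggle_obf(PLAINTEXT, ORIG_KEY)
BLOB_VARIANT = toggle_obf(PLAINTEXT, VARIANT_KEY)

if __name__ == "__main__":
    print(hex(effective_key(ORIG_KEY)))               # effective key of the original source
    print(recover_key(BLOB_VARIANT, b"/proc/"))       # candidate keys for the variant blob
    print(decode_with_crib(BLOB_VARIANT, b"/proc/"))  # decoded entry, or None
```

However many key bytes a variant folds together, a scheme that XORs every data byte with every key byte leaves only 256 effective keys, so a short known substring is enough to decode the strings for detection signatures.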
“Given that the Mirai source code is open source, something as elementary as compiling the same source code for a larger range of processors provides attackers with the advantage of a larger attack surface,” Nigam said. “Practically, this means the family can now infect and propagate via a larger number of embedded devices, affording attackers greater DDoS firepower.”