New Mirai Variant Targets Billions of ARC-Based Endpoints [source: infosecurity-magazine]

Security experts are warning of a new Mirai variant targeting ARC processors, which could have an even bigger impact than the notorious malware on which it is based.

RISC-based ARC processors are widely used in IoT and embedded systems and are said to be shipped in over 1.5 billion products each year.

The new threat — named Okiru, which is Japanese for “wake up” — was first spotted by MalwareMustDie researcher @unixfreaxjp and touted as the first ever malware developed for ARC systems.

At the time of writing, 20/59 AV tools on VirusTotal detected the ELF malware threat.

Another researcher, Odisseus, tweeted the findings:

“This is the FIRST TIME ever in the history of computer engineering that there is a malware for ARC CPU, & it is #MIRAI OKIRU!! Pls be noted of this fact, & be ready for the bigger impact on infection Mirai (specially #Okiru) to devices hasn’t been infected yet.”

However, it’s important to note that this Okiru is not the same as the one also linked to the Satori IoT botnet, which was used to attack Huawei routers last month.

A Reddit thread explains the differences.

“Okiru variant’s config is encrypted in two parts w/ telnet bombardment password encrypted, Satori does not split it in 2 parts and doesn’t encrypt brute default passwords,” it explains. “Also Okiru’s telnet attack login information is a bit longer (can be up to 114 credentials, max counted), while Satori is having different and shorter database.”
