New Mirai botnet species 'Okiru' hunts for ARC-based kit

Researchers: Code designed to hit Linux devices

By John Leyden

Posted in Security, 16th January 2018 11:56 GMT

A new variant of the notorious Mirai malware is exploiting kit with ARC processors.

The nasty, dubbed Okiru, is the first capable of infecting devices powered by ARC CPUs. This is according to Japan-based malware researcher UnixFreaxjp of the infosec group Malware Must Die.

RISC-based ARC embedded processors are used in a variety of internet-connected products including cars, mobiles, TVs, cameras and more. The discovery of malware capable of infecting such devices is troubling because of how much damage IoT botnets have caused in the past.

The Mirai botnet of 100,000 IoT devices wreaked havoc across the web in 2016 by taking down DNS services provider Dyn.

"There are likely more than 1.5 billion devices out there with ARC processors, enough to overwhelm the largest of networks," warned Barry Shteiman, director of threat research at security vendor Exabeam.

Researchers at Malware Must Die told El Reg: "The samples have been spotted in multiple places from several sources, some were spotted after infection, some are sitting in C2. For sure, ARC Linux devices are being targeted.

"The analysis of the code after decompilation shows the herders were preparing ARC binary specifically to target one particular Linux environment."

Malware Must Die said it was unable to give any estimate on how many devices had already been infected. ®

Sign up to our NewsletterGet IT in your inbox daily

11 Comments

More from The Register

Microsoft emergency update: Malware Engine needs, erm, malware protection

Stop appreciating the irony and go install the patch now

Security bods liberate EITest malware slaves

Miscreants' command and control network traffic sent down sinkhole

Hey, govt hacker bod. Made some really nasty malware? Don't be upset if it returns to bite you

RSA 2018 Cough, cough, EternalBlue, cough, cough Wannacry, splutter, Stuxnet

Infosec brainiacs release public dataset to classify new malware using AI

Data is the secret sauce to advancing AI research

Crumbs! Crunchyroll distributed malware for a couple of hours

Anime-streamer is fine again, and disinfection is easy

Researchers create AI attacker to defeat AI malware defender

It's like Spy Vs Spy, but with neural network boffins

Slingshot malware uses cunning plan to find a route to sysadmins

Advanced router code has been in circulation for six years

'R2D2' stops disk-wipe malware before it executes evil commands

'Reactive Redundancy for Data Destruction Protection' stops the likes of Shamoon and Stonedrill before they hit 'erase'

Surprise: Norks not actually behind Olympic Destroyer malware outbreak – Kaspersky

Who framed Pyongyang, then, we wonder

Taiwanese cops give malware-laden USB sticks as prizes for security quiz

What was second prize? We think we'd rather have that