Symantec researchers discovered a new wave of Linux.Mirai variants that leverages open source project for cross platform infection techniques.
The botnet is able to run on different architectures and platforms in a self-contained capsule without any runtime surprises or misconfiguration all of which makes the malware extremely portable, according to an Aug 23 blog post.
While researchers have seen this behavior before, this variant in particular is interesting because of its compiled binary and because it has been created using an open-source project called Aboriginal Linux that makes the process of cross-compilation easy, effective, and practically fail-proof, researchers said.
“Given that the existing code base is combined with an elegant cross-compilation framework, the resultant malware variants are more robust and compatible with multiple architectures and devices, making it executable on a wide variety of devices ranging from routers, IP cameras, connected devices, and even Android devices,” Symantec Principal Threat Analysis Engineer Dinesh Venkatesan said in the post.
Venkatesan added that it's profitable for malware author continue to evolve malware like Linux.Mirai since the IoT market is hugely fragmented and because most connected devices do not receive software patches for the known vulnerabilities making them prime targets.
In order to prevent infections researchers recommend users research the capabilities and security features of an IoT device before purchase, perform an audit of the IoT devices on their network, and ensure that all default credentials are changed.
In addition, users should disable features and services that aren't required, disable or protect remote access to IoT devices when not needed, and frequently check the manufacturer's website for firmware updates.