Thursday, May 15, 2025

New Form of Mirai Malware Attacking Cross Platform By leveraging Open-Source Project


A newly discovered variant of the Mirai malware leverages an open-source project called Aboriginal Linux to infect multiple platforms, including routers, IP cameras, connected devices, and even Android devices.

Mirai has a long record of infecting poorly managed IoT devices and performing DDoS attacks on various platforms.

Mirai (Mirai.linux) was first reported in 2016. Since then, malware authors have made various modifications and added stealthier techniques to target various platforms.


For the malware to work across platforms, it must be able to run on different architectures without any runtime surprises or misconfiguration.

In this case, the researcher discovered a remote server that contains multiple malware variants that can be used on multiple platforms.

Mirai Malware Infection Process & Leveraging Open-Source Projects

The initial stage of infection starts with a shell script that is injected into vulnerable devices; the script repeatedly tries to download executables from the remote server.

It then executes each individual executable one by one, and keeps checking until a binary compatible with the current architecture is found.

Shell script downloads executables one by one until it finds one that works with the current architecture.

If any one of the executables runs successfully, it is ultimately responsible for the Mirai payload, which scans for devices with default credentials or vulnerabilities to exploit.
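The try-each-binary-until-one-runs behaviour described above leaves a recognisable trace: several exec-format failures from one parent process, then a success, all from a writable directory. The following detection sketch is an added example, not code from the article or from Symantec; the log format, host names, file paths and thresholds are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed exec-audit lines (simplified format, not a real auditd record).
SAMPLE_LOG = """\
2025-05-15T10:00:01 host=cam-07 ppid=412 exe=/tmp/sample.mips result=ENOEXEC
2025-05-15T10:00:02 host=cam-07 ppid=412 exe=/tmp/sample.x86 result=ENOEXEC
2025-05-15T10:00:04 host=cam-07 ppid=412 exe=/tmp/sample.arm result=OK
2025-05-15T10:05:00 host=nas-01 ppid=900 exe=/usr/bin/rsync result=OK
2025-05-15T10:06:00 host=nas-01 ppid=901 exe=/tmp/installer result=ENOEXEC
"""

LINE_RE = re.compile(
    r"(?P<ts>\S+) host=(?P<host>\S+) ppid=(?P<ppid>\d+) "
    r"exe=(?P<exe>\S+) result=(?P<result>\w+)"
)
WRITABLE_DIRS = ("/tmp/", "/var/tmp/", "/dev/shm/")  # assumed drop locations
WINDOW = timedelta(seconds=60)                       # assumed threshold
MIN_FAILURES = 2                                     # assumed threshold


def find_arch_probing(log_text):
    """Flag parents that hit >= MIN_FAILURES exec-format errors and then ran
    a binary successfully, all from writable directories inside WINDOW."""
    by_parent = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m and m["exe"].startswith(WRITABLE_DIRS):
            ts = datetime.fromisoformat(m["ts"])
            by_parent[(m["host"], m["ppid"])].append((ts, m["exe"], m["result"]))

    alerts = []
    for (host, ppid), events in by_parent.items():
        events.sort()
        failed = []
        for ts, exe, result in events:
            # Forget failures that fell out of the time window.
            failed = [(t, e) for t, e in failed if ts - t <= WINDOW]
            if result == "ENOEXEC":
                failed.append((ts, exe))
            elif result == "OK" and len({e for _, e in failed}) >= MIN_FAILURES:
                alerts.append((host, ppid, [e for _, e in failed], exe))
                failed = []
    return alerts


if __name__ == "__main__":
    print(find_arch_probing(SAMPLE_LOG))
```

Each alert is a tuple of host, parent PID, the binaries that failed with an exec-format error, and the binary that finally ran.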

According to Symantec, these variants were created by leveraging an open-source project called Aboriginal Linux, which makes the process of cross-compilation easy, effective, and practically fail-proof.

In this case, malware authors are leveraging legitimate tools such as this cross-platform project to effectively achieve the goal of the attack.

It helps the malware variants become more robust and compatible with multiple architectures and devices.

Also, it will exploit a variety of devices, ranging from routers, IP cameras, and connected devices to even Android devices.

When the researcher executed it within a contained environment, it attempted to scan more than 500,000 IP addresses generated through a random generation process.

Mitigation

  • Disable features and services that are not required.
  • Disable Telnet login and use SSH where possible.
  • Disable Universal Plug and Play (UPnP) on routers unless absolutely necessary.
  • Perform an audit of IoT devices used on your network.
  • Change the default credentials on devices. Use strong and unique passwords for device accounts and Wi-Fi networks.
  • Use wired connections instead of wireless, where possible.
  • Regularly check the manufacturer’s website for firmware updates.


Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.
