Mirai Okiru DDoS botnet targets ARC-based IoT

A new variant of the infamous Mirai malware dubbed “Okiru” (Mirai Okiru) is now capable of infecting devices running the ARC CPU.

Independent security researcher Odisseus‏ posted in a Tweet over the weekend, “This is the FIRST TIME ever in the history of computer engineering that there is a malware for ARC CPU, & it is #MIRAI OKIRU!! Pls be noted of this fact, & be ready for the bigger impact on infection Mirai (specially #Okiru) to devices hasn’t been infected yet.”

Odisseus also credited the ‘Malware Must Die‘ white hat security team (@MalwareMustDie) for the discovery and @CertPa and @guelfoweb for the immediate report of Mirai Okiru malware.

RISC-based ARC embedded processors are used in over a billion Internet of Things (IoT) devices, such as internet-connected cars, cameras, TVs and more. Vulnerable Linux-based IoT devices could be a prime target by hackers to launch distributed denial of service (DDoS) attacks. 

Just last month, Checkpoint researchers discovered another variant of Mirai malware dubbed Satori (or OKIRU/SATORI) that was used to attack hundreds of thousands of Huawei home routers over several weeks late last year.

The Satori exploit code used in the attack was soon made public. Researchers further warned that the malicious code could quickly be used to launch common DDoS attacks via botnets.

Researcher Odisseus pointed out via Tweet there are key differences between the Satori and Okiru variants security teams should be aware of. 

Leave a Reply

Close Menu