New variant of IoT worm MIRAI can infect Android and Debian systems for the first time

New variants of the widely used IoT device worm MIRAI have been found, and the new variant has a stronger infection ability than the previous version.

Remarkably, the new variant comes from a discarded version: it was redeveloped from the MIRAI SORA variant. The author of the MIRAI SORA worm said in an interview that the version is no longer being developed, and that other attackers are modifying the version currently circulating on the Internet.

MIRAI infects Android and Debian for the first time:

Neither the original version of MIRAI nor the previous variants infected Android or Debian systems; MIRAI SORA, however, broke this limitation.

After tracking it, Symantec found that this MIRAI variant is the first to infect Android and Debian systems, and that it can also infect multiple architectures.

The infection volume of MIRAI SORA is increasing continuously, and most of the infected devices come from the explosively growing population of IoT devices.

These IoT devices, such as TV set-top boxes, Raspberry Pi, and some network cameras, run Android or Debian-based systems.

MIRAI SORA does not start at boot:

As with most MIRAI variants, the worm stops running after the system is restarted, because these MIRAI-type worms do not start automatically at boot.

But Symantec warns that the fact that MIRAI SORA isn't self-starting doesn't hinder infections, because there are so many potential vulnerabilities in IoT device firmware.

At the same time, MIRAI SORA also infects devices through their default passwords. The owners of these infected IoT devices never changed the default password at all.

Via: bleepingcomputer