Unit 42 researchers discovered new malicious activity targeting IoT devices. Using Mirai, a malware capable of turning Linux-based devices into remotely controlled bots, hackers can orchestrate larger attacks. This variant of Mirai, dubbed IZ1H9, was first uncovered in August 2018 and has been frequently utilized since.
The research team observed a wave of malicious campaigns using IZ1H9 on April 10 and published a malware analysis on May 25. They discovered the malware spreads through HTTP, SSH, and Telnet protocols. After installation, the IZ1H9 botnet client checks the network portion of the device’s IP address. The malware avoids execution on government networks, internet providers, and large tech companies. IZ1H9 also ensures each infected device is only running one instance of the malware. Unit 42 noted that the malware is not highly complex, but it still allows bad actors to execute remote code and add new devices to their botnet. To mitigate the risk of future distributed denial-of-service attacks users should apply all updates and patches.
Read More: