New Mirai Okiru botnet attacks devices running ARC processors




Cybersecurity experts have noticed a new version of the infamous Mirai IoT malware, designed to hack insecure devices that run on ARC embedded processors.

So far, Mirai malware and its variants have been focusing on processor architectures deployed in millions of IoT devices - including x86, ARM, Sparc, MIPS, PowerPC and Motorola 6800.

The new Mirai variant is called Okiru, it is spotted by @unixfreaxjp from MalwareMustDie team and notified by independent expert Odisseus.




This is a new type of ELF malware that targets ARC-based embedded devices running Linux operating system.

"This is the FIRST TIME ever in the history of computer engineering that there is a malware for ARC CPU, & it is #MIRAI OKIRU!! Pls be noted of this fact, & be ready for the bigger impact on infection Mirai (specially #Okiru) to devices hasn't been infected yet," Odisseus tweeted.

The ARC processor (Argonaut RISC Core) is the second most popular processor core in the world that is being shipped in more than 2 billion products every year, including cameras, mobile, utility meters, TVs, flash drives, automotive and various IoT devices.




However, this is not Mirai's first botnet version based on Linux ELF malware. Mirai also has another ELF-based variant, which was designed to attack devices running MIPS and ARM processors. This one was noticed in the summer of 2016.

Okiru is "very different" from Satori IoT botnet despite having several similar characteristics.

The arrival of ARC-based IoT devices into botnet scheme will exponentially raise the number of insecure devices to an unprecedented size, and this will make it easier for hackers to control a large number of poorly configured and vulnerable IoT devices.

Would you like to comment on this article?




New banking malware FakeBank can intercept messages to steal data and money

FakeBank malware can steal sensitive information from the device including phone numbers, balance on a linked bank card and location data.


New Cryptomix ransomware variant released

Hackers have released a new version of Cryptomix that adds the .SERVER extension to encrypted files.


Meltdown and Specter vulnerabilities affect Intel, ARM, AMD processors

Almost all PCs, laptops, tablets and smartphones are in danger, regardless of manufacturer or operating system.

Sign up for our online newsletter!