Security researchers discovered a new IoT botnet that is in a league superior to the Mirai variants that rise and fall on a daily basis.
The developers of the botnet seek wide coverage and for this purpose they created binaries for multiple CPU architectures, tailoring the malware for stealth and persistence. Communication with the command and control (C2) servers is encrypted and capabilities include exfiltration and command execution.
According to research from Avast, the malware has been active since at least December 2017 and it targets devices on several CPU architectures, like MIPS, ARM, x86, x64, PowerPC, and SuperH.
Although multi-platform support is common among Mirai-based threats, the researchers say Torii supports one of the largest sets of architectures they've seen so far.
Telnet attacks coming through Tor
...
...
Its functionality remains a mystery for now but the possibilities are numerous because it can be used to run any command on the infected device. Even more, the fact that it is written in the Go language allows it to be recompiled for a diverse array of devices.
"Taking into account that this file is running on a malware distribution machine, it is quite possible that it is a backdoor or even a service to orchestrate multiple machines," Avast surmises.
...