Sunday, August 25, 2019

Stealthy Torii - a level above Mirai

A wide range of internet of things (IoT) devices is being attacked by malware with advanced capabilities, and the researchers said "its sophistication is a level above anything we have seen before".

2018 has been a year where the Mirai and QBot variants just keep coming. Any script kiddie now can use the Mirai source code, make a few changes, give it a new Japanese-sounding name, and then release it as a new botnet.

As per Avast:
Torii tries to be more stealthy and persistent once the device is compromised, and it does not (yet) do the usual stuff a botnet does.

Instead, it comes with a quite rich set of features for exfiltration of (sensitive) information and a modular architecture capable of fetching and executing other commands and executables, all of it via multiple layers of encrypted communication.

Torii can infect a wide range of devices and it provides support for a wide range of target architectures, including MIPS, ARM, x86, x64, PowerPC, SuperH, and others.

Telnet attacks had been coming to the researcher's honeypot from Tor exit nodes, so Avast decided to name this botnet strain “Torii”.
