While most malware and ransomware infections targeted desktops in the past, Linux.Mirai is a newly emerged Trojan crafted for the sole purpose of hitting Linux-based IoT devices in an unsophisticated manner. It tends to get onto a device silently and is used to carry out DDoS attacks. The threat was first detected by Doctor Web in May 2016, after being added to its malware/virus database under the name Linux.DDoS.87. It was previously known under the names BASHLITE, Lizkebab, Gafgyt and Torlus.
It is reported to be capable of compromising SPARC, MIPS, ARM, M68K, SH-4 and Intel x86 computers. Like various other Trojans, once it has fully penetrated a device it causes a number of problems there. On launch, it first searches the device's memory for processes belonging to other Trojans and terminates them. It also creates a .shinigami file in its folder and checks for that file's presence on a constant basis so that it does not terminate itself. The main purpose behind Linux.Mirai is to establish a connection between the compromised device and a command & control server, from which it receives further instructions.
When instructed by the command & control server, the Trojan launches DDoS attacks of the following types: UDP flood over GRE, UDP flood, TCP flood, DNS flood and HTTP flood. It mainly targets IoT devices, on platforms such as SPARC, SH4, PPC, ARM, MIPS and x86. The threat has also been reported to compromise hardware with the Busybox GNU library.
MalwareMustDie researchers claim that they spotted the “/dvrHelper” string in the Linux.Mirai code. This clearly indicates that the malware targets IP cameras and DVRs. The threat also enables attackers to gain access to unattended Linux servers that use the same structure. In addition, it has been concluded that Linux devices based on the x86-32 architecture are not on the hit list of this DDoS Trojan, since most of the samples are built for ARM chips. Given these consequences, it is advised to implement effective security measures on Linux-based devices to protect them from Linux.Mirai.
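
As an added example (not code from the original article or from any vendor tool), the shell functions below check a directory tree for the two artifacts mentioned above: the `.shinigami` file and files containing the `/dvrHelper` string. The function names and output prefixes are assumptions made for illustration, and a hit is a lead for further analysis rather than proof of infection.

```shell
#!/bin/sh
# Added example, not from the article: look for the two artifacts it names.
# Function names and output prefixes are hypothetical, chosen for this sketch.

# Indicator 1: a file named ".shinigami" (the article says the Trojan
# creates it in its own folder).
find_marker_files() {
    find "$1" -xdev -type f -name '.shinigami' 2>/dev/null || true
}

# Indicator 2: regular files containing the literal string "/dvrHelper".
# grep -l prints only file names, so binary content is never echoed.
# This script contains the string too and is listed if it lies under ROOT.
find_dvrhelper_files() {
    find "$1" -xdev -type f -exec grep -l -F -- '/dvrHelper' {} + 2>/dev/null || true
}

# scan_mirai_indicators ROOT
# Prints one prefixed line per finding; prints nothing when ROOT is clean.
scan_mirai_indicators() {
    root="${1:-/}"
    markers=$(find_marker_files "$root")
    strings_hit=$(find_dvrhelper_files "$root")
    if [ -n "$markers" ]; then
        printf '%s\n' "$markers" | sed 's/^/marker-file: /'
    fi
    if [ -n "$strings_hit" ]; then
        printf '%s\n' "$strings_hit" | sed 's/^/dvrHelper-string: /'
    fi
    return 0
}

# Run only when a directory is given, e.g.: sh scan.sh /tmp
if [ "$#" -gt 0 ]; then
    scan_mirai_indicators "$1"
fi
```

`-xdev` keeps the search on one filesystem, so virtual mounts such as `/proc` are skipped when the scan starts at `/`.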