New Reaper malware infects 2 million-plus “internet of things” devices
A recently discovered form of botnet malware has been found rapidly spreading, with more than 2 million “internet of things” devices believed to have already been infected.
Dubbed IoT_Reaper by security researchers at Chinese security company Qihoo 360, the malware is based on the infamous Mirai internet of things worm that first compromised millions of devices in 2016 — but with some noticeable differences.
One of those differences is that Reaper doesn’t attempt to crack passwords on targeted devices. Instead, it spreads itself by exploiting known device vulnerabilities, rather than attempting to log in using a preset list of default or weak credentials via open Telnet ports. Qihoo 360 notes that Reaper currently has nine different packages that target vulnerabilities in devices made by D-Link, Netgear, Linksys, AVTech, Vacron, JAWS and GoAhead.
Putting the number of infected devices at the smaller but still significant figure of 1 million, researchers at Check Point Software Technologies Ltd. wrote late last week that “while some technical aspects lead us to suspect a possible connection to Mirai, this is an entirely new and far more sophisticated campaign that is rapidly spreading worldwide.”
Both companies said they have not detected the Reaper botnet being used for nefarious purposes so far, but given it has a limited number of purposes, it’s only a matter of time until those behind it start using it.
“In terms of attacking command, although we saw support of DDoS [distributed denial of service] attack in the source file … we have not seen actual DDoS attack so far,” the researchers at Qihoo 360 said, before adding that “this means the attacker is still focusing on spreading the botnets.” The Check Point researchers noted that “it is too early to guess the intentions of the threat actors behind it, but with previous botnet DDoS attacks essentially taking down the internet, it is vital that organizations make proper preparations.”
Operators of internet of things devices are advised to check that they are not exposing vulnerable devices to the internet, to apply any security patches that may be available for the device and, if they detect an infected device, to take it offline immediately.
Photo: Peter/Wikimedia Commons