Mirai, the dreaded IoT botnet that had caused quite a few headaches to businesses worldwide, has a spiritual successor that not only employs similar strategies but also builds upon this to become even more deadly.
Security researchers call it the Echobot malware, and it comes with exploits for eight extra vulnerabilities, some of which could still be unpatched.
"Some of the new exploits they've added are older and have remained unpatched by the vendor," security researcher from Akamai, Larry Cashdollar, explains. "It seems the updates to Echobot are targeting systems that have possibly remained in service, but whose vulnerabilities were forgotten."
Security researchers that first discovered the malware, Palo Alto Networks’ Unit 42, says Echobot doesn’t just target connected devices, as Mirai did, but also goes after enterprise applications.
Cashdollar has also been keeping tabs on the Echobot binary, and he says there are some flaws that still haven’t been officially recognised and don’t have an CVE identifier. He agrees that Echobot is trying to cast a wider net, compared to its older sibling Mirai.
“They’re pretty much looking for any command or code-execution vulnerability they can find that doesn’t require authentication,” he said.
Echobot shares some of the source code with Mirai, Cashdollar said, adding that whoever is behind it is probably getting ready to launch a DDoS attack in the future. Given that there are multiple Echobot variants, researchers believe the same group is behind both versions.
Image source: Shutterstock/everything possible