The FortiGuard Labs team has spotted a new variant of the Mirai botnet dubbed “Wicked” that has added three new exploits to target unpatched Internet of Things (IoT) devices.
There has been an increase in Mirai variants since the source code was made public two years ago. Hackers have been making modifications to add capabilities, such as turning infected devices into malware proxies and cryptominers.
The three exploits it uses against unpatched IoT devices are a command injection attack on Netgear R7000 and R6400 (CVE-2016-6277), a CCTV-DVR remote code execution flaw, and an invoker shell in compromised web servers.
After successful exploitation, Wicked downloads another malicious payload, the Owari variant, from a malicious site. Multiple bot variants were observed being downloaded, including Owari, Sora and Omni.
“We can essentially confirm that the author of the botnets Wicked, Sora, Owari, and Omni are one and the same,” FortiGuard concluded in their blog post on Thursday.