OMG Mirai botnet turns IoT devices into proxy servers

New Mirai malware called OMG can turn any IoT device into a proxy server

Researchers detected a new Mirai-based botnet that can turn Internet of Things (IoT) devices into proxy servers. The purpose of the malware is to sell anonymous access to the compromised devices to cyber criminals. In this way, attackers can easily perform their malicious activities.

The new version of Mirai malware[1] has a short and vivid name – OMG. It includes some features of the original malware code. For instance, it has the attack, killer and scanner modules. However, the significant feature of this recent malware is a proxy function.

According to the FortiGuard Labs research,[2] it’s the first variant of Mirai malware that is capable of both acting as a proxy and launching distributed denial-of-service (DDoS) attacks. However, this functionality is expected to be adopted in the future too.

It seems that the main purpose of the OMG malware is to sell access to hacked IoT devices to cyber criminals. Crooks always care about anonymity and use proxies to carry out various cyber attacks by taking advantage of vulnerable IoT devices.

New variations of Mirai appear after the code leak in 2016

Mirai OMG malware is not the first modification of the virus. Security specialists have spotted several versions of the malware since its source code was leaked in October 2016, a couple of weeks after massive Distributed Denial of Service (DDoS) attacks on the Krebs on Security website.

On HackForum, a user called Anna-senpai revealed that the source code of Mirai was leaked:[3]

When I first go in DDoS industry, I wasn’t planning on staying in it long. I made my money, there’s lots of eyes looking at IOT now, so it’s time to GTFO. However, I know every skid and their mama, it’s their wet dream to have something besides qbot.

So today, I have an amazing release for you. With Mirai, I usually pull max 380k bots from telnet alone. However, after the Kreb DDoS, ISPs been slowly shutting down and cleaning up their act. Today, max pull is about 300k bots, and dropping.

So, I am your senpai, and I will treat you real nice, my hf-chain.

In 2017, researchers reported on Satori,[4] a version of the Mirai botnet that exploited a zero-day vulnerability in Huawei routers. At the beginning of this year, Okiru malware was aiming at ARC processors. Meanwhile, in January the botnet was used for cryptocurrency mining activities.[5]

However, attacks on IoT devices are becoming more popular. The Masuta (or PureMasuta) version of Mirai was exploiting vulnerabilities in D-Link routers. The recent discovery of the OMG Mirai botnet suggests that similar attacks will continue in the future.

Secure your IoT devices from hackers

Security experts warn that all IoT devices can be targeted by botnets, or thingbots. Hence, it’s important to take precautions to prevent cyber criminals from hacking your device and causing privacy or security problems. Follow these tips to secure your IoT device:[6]

  • Connect your device to the Internet only if you really need to. Just because your TV can connect to the Internet does not mean that you have to use this feature all the time.
  • Use a different network to connect your IoT devices to the Internet.
  • Set strong and unique passwords for all devices.
  • Turn off the Universal Plug and Play (UPnP) feature because attackers can exploit its vulnerabilities.
  • Protect your routers and Wi-Fi networks with a firewall.
  • Install firmware updates.
  • Avoid IoT devices that offer P2P features.
  • Do not keep your device turned on all the time; turn it off when not in use.
About the author
Linas Kiguolis