Just a month back, a new variant of the Gafgyt (Bashlite) botnet was spotted. Now, several other variants of the malware have been discovered. 

What’s the update?

An examination of Gafgyt's code, implementations, and techniques found that several of them have been incorporated from Mirai. The reuse of the Mirai source code has enhanced Gafgyt's ability to carry out DDoS attacks in various ways.

Why does it matter?

These latest strains include approaches for achieving initial compromise of IoT devices. According to the analysis, the Huawei and Realtek exploits are used for RCE to fetch and install the botnet.

Other games played

  • Just in March, a new Gafgyt strain was spotted using Tor to target vulnerable D-Link and IoT devices.
  • Mirai has not disappeared, though. A new strain was found exploiting vulnerabilities in SonicWall, Netgear, and D-Link devices.
  • Mirai was once again found targeting the Vantage Velocity Field Unit RCE flaw, with the aim of spreading Satori.

The bottom line

Innovation is not always the key; sometimes it is reuse. Gafgyt's copying of the leaked Mirai source code brings home the fact that it is them versus us. Stay protected against these botnet threats by monitoring suspicious events on a regular basis and keeping your software and firmware patched.

Cyware Publisher
