A new variant of the Mirai botnet has added at least three exploits to its arsenal, which enable it to target additional IoT devices, including routers and DVRs.
The new version of Mirai - a powerful cyberattack tool which took down large swathes of the internet across the US and Europe in late-2016 - has been uncovered by researchers at security company Fortinet, who have dubbed it Wicked after lines in the code.
The original version of Mirai was deployed to launch massive distributed denial-of-service (DDoS) attacks, but has also been modified for other means after its source code was published online including to turn unpatched IoT devices into crytocurrency miners and proxy servers for delivering malware.
While the original Mirai uses traditional brute force attacks in an attempt to gain control of IoT devices, Wicked uses known and available exploits in order to do its work. Many of these are old, but the inability of many IoT devices to actually install updates means they haven't been secured against known exploits.
Following a successful compromise, Wicked download an additional payload in the form of Owari, another Mirai variant - although researchers found that the Owari bot samples could no longer be found in the website directory and Wicked was now downloading the Omni bot.
According to Fortinet, this is the latest product by the malicious developer, although Owari had been previously distributed. Researchers have come to the conclusion that four IoT botnets - Wicked, Sora, Owari and Omni are all by the same author.
"This also leads us to the conclusion that while the WICKED bot was originally meant to deliver the Sora botnet, it was later re-purposed to serve the author's succeeding projects," wrote researchers.
IoT devices remain popular targets for cyber attackers - not only do they often lack the security built into other products, but the very nature of the devices mean they're often installed and forgotten about. In order to avoid falling victim to IoT hacks, users should regularly patch the devices when updates are available.