The Mirai botnet first surfaced in 2016, disrupting many of the world’s largest websites. Variants have been growing steadily, helped by an environment of poorly managed IoT devices, Symantec found, as well as by the release of the malware’s source code.

The new variants have been created by leveraging an open source project named Aboriginal Linux, with the effect of making the botnet more robust, and compatible with many diverse architectures and devices that range from routers, IP cameras, and other connected Internet of Things and Android-based devices.

Aboriginal Linux is no longer under active development, but had the goal of being the smallest Linux system capable of rebuilding itself under itself.

Malware must be able to run self-contained on a system, and when Symantec found the new variants they found the writers had exploited Aboriginal Linux’ cross-compilation facilities, making portability effortless. Aboriginal Linux, of course, has no involvement in malware and is an excellent open source project. It has simply been misappropriated by those with malicious intent.

Nevertheless, the end result is that a malicious person can be quite comfortable their botnet will execute and run on any targeted device, irrespective of its architecture.

Symantec has detailed the malware, which they label Linux.Mirai, and offers tips to protect your IoT devices from malware.

• Research the capabilities and security features of your IoT devices.
• Perform an audit of IoT devices on your network.
• Change the default credentials on every device, using strong and unique passwords.
• Use strong encryption for Wi-Fi.
• Disable features and services which you do not require, including remote login.
• Disable Universal Plug and Play (UPnP) on routers unless you absolutely require it.
• Regularly check for firmware updates.