A newly-discovered malware is rapidly spreading and is thought to have already infected over two million IoT devices. It was dubbed “Reaper_IoT” by the Chinese security firm Qihoo 360, and is believed to be based on the infamous Mirai malware, but with some differences.
A main difference is Reaper does not attempt to crack passwords, but attempts to login with a known set of weak, or default credentials via open Telnet ports.
Qihoo 360 said that Reaper has nine different packages that are targeting known weaknesses in devices made by AVTech, D-Link, GoAhead, JAWS, Linksys, Netgear, and Vacron. Another security firm, Check Point Software Technologies, said, “while some technical aspects lead us to suspect a possible connection to Mirai, this is an entirely new and far more sophisticated campaign that is rapidly spreading worldwide.” Both companies say they have not seen Reaper being used for nefarious purposes yet, but believe “it’s only a matter of time.”
IoT users are advised to ensure that they are not exposing any vulnerable devices to the internet, to apply any available security patches, always change default passwords, and if they detect an infection, immediately take the device offline.