View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
December 16, 2019updated 17 Dec 2019 10:01am

New Mirai Malware Strain Emerges, Scans for 71 Unique Exploits

Online payment systems and even a yacht control application now targeted...

By CBR Staff Writer

A new variant of the ubiquitous Mirai malware trawls the internet for a huge 71 unique exploits, including 13 new vulnerabilities not previously seen exploited in the wild.

That’s according to a fresh report from Palo Alto Networks that landed Monday, which details the botnet-creating malware’s use of “extremely old CVEs” (as early as 2003) through to vulnerabilities made public as recently as early December 2019.


The new Mirai malware strain, dubbed ECHOBOT, was first seen in the wild in May 2019. The latest version, which scans for a host of fresh exploits, in turn first surfaced on October 28th, 2019 for a couple of hours, after which it was taken down.

It then resurfaced on December 3, switching payload IPs and adding two more exploits that weren’t in the samples analysed in October, Palo Alto said.

The new exploits that it targets span a “range of devices from the usually expected routers, firewalls, IP cameras and server management utilities, to more rarely seen targets like… an online payment system and even a yacht control web application.”

Mirai typically targets Internet of Things (IoT) devices, then turns them into zombie machines which can be put to a wide range of malicious uses.

Mirai Malware: 60+ Variants in the Wild

Mirai is now made up of several different botnets, which sometimes compete with each other. The Mirai malware first drew widespread scrutiny after it underpinned a huge DDoS takedown of DNS provider Dyn in 2016. IBM’s X-Force says there are now at least 63 Mirai variants, and sees it double as much as the next Mirai-like botnet, Gafgyt.

Content from our partners
Rethinking cloud: challenging assumptions, learning lessons
DTX Manchester welcomes leading tech talent from across the region and beyond
The hidden complexities of deploying AI in your business

Palo Alto lists the CVEs ECHOBOT exploits and IOCs here.

See also: Red Hat Warns Over Critical “Envoy” Vulnerability: Users Include a Who’s Who of Big Tech

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.