A new variant of the infamous Mirai botnet can turn infected Internet of Things (IoT) devices into proxy servers.
Mirai is a DDoS-capable malware family that first appeared in late 2016. It compromises IoT devices and enlists them in a botnet that launches large-scale attacks.
This is a real problem because most IoT devices cannot run endpoint security software, so an infection is rarely noticed on the device itself and defenders have to rely on credential hygiene and network controls instead.
Named OMG after strings containing "OOMGA", the new variant keeps most of Mirai's functionality and adds features of its own.
OMG's configuration includes two strings used to add firewall rules, so that traffic to two randomly chosen ports is allowed through.
It retains Mirai's original attack, killer and scanner modules, so it can still do everything Mirai could: kill competing processes, brute-force telnet logins and launch DDoS attacks.
After infecting a device, OMG connects to its command-and-control (C&C) server on port 50023 and sends a fixed registration message to enrol the new bot.
The server replies with a 5-byte message whose first byte tells the bot how it will be used: 0 means it becomes a proxy server, 1 means it is used for attacks, and any value greater than 1 means the connection is terminated.
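The registration exchange described above, as an added example that is not part of the original article and not the malware's own code. The bot and C&C sides talk over a local socket pair instead of TCP port 50023, the registration message is a constructed placeholder (the article does not give the real one), and only the first byte of the reply is decoded, since that is the only documented field.

```python
import socket
import threading

# Roles a newly registered bot can be given, keyed by the first byte of the
# 5-byte C&C reply. The meaning of the remaining four bytes is not documented
# in the article, so they are treated as opaque here.
ROLE_PROXY = "proxy"
ROLE_ATTACK = "attack"
ROLE_TERMINATE = "terminate"

# Constructed placeholder: the real registration message is not given in the
# article, so any fixed byte string stands in for it.
REGISTRATION_MESSAGE = b"\x00REG\x00"
CNC_PORT = 50023  # documented C&C port; not used by the local simulation below


def decode_command(reply: bytes) -> str:
    """Map a 5-byte C&C reply to the role the bot should take."""
    if len(reply) != 5:
        raise ValueError(f"expected a 5-byte reply, got {len(reply)} bytes")
    first = reply[0]
    if first == 0:
        return ROLE_PROXY
    if first == 1:
        return ROLE_ATTACK
    return ROLE_TERMINATE  # any value greater than 1


def cnc_side(conn: socket.socket, first_byte: int) -> None:
    """Stand-in C&C: wait for the registration message, then answer with 5 bytes."""
    received = conn.recv(64)
    if received != REGISTRATION_MESSAGE:
        conn.close()
        return
    # Trailing four bytes are filler in this simulation.
    conn.sendall(bytes([first_byte]) + b"\x00\x00\x00\x00")


def bot_side(conn: socket.socket) -> str:
    """Stand-in bot: register, read exactly 5 bytes, decide what to do."""
    conn.sendall(REGISTRATION_MESSAGE)
    reply = b""
    while len(reply) < 5:
        chunk = conn.recv(5 - len(reply))
        if not chunk:
            raise ConnectionError("C&C closed the connection before sending 5 bytes")
        reply += chunk
    role = decode_command(reply)
    if role == ROLE_TERMINATE:
        conn.close()  # the bot drops the connection on any first byte > 1
    return role


def simulate_exchange(first_byte: int) -> str:
    """Run both sides over a local socket pair (no network, no real C&C)."""
    bot_sock, cnc_sock = socket.socketpair()
    server = threading.Thread(target=cnc_side, args=(cnc_sock, first_byte))
    server.start()
    try:
        return bot_side(bot_sock)
    finally:
        server.join()
        cnc_sock.close()
        bot_sock.close()


if __name__ == "__main__":
    for first in (0, 1, 7):
        print(first, "->", simulate_exchange(first))
```

The point for defenders is the shape of the traffic: a single outbound TCP connection to port 50023, a short fixed payload from the device, and a 5-byte reply. That is small enough to miss in volume metrics but easy to match on the destination port and payload length.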
Researchers analysing the sample found that OMG uses the open-source 3proxy software as its proxy server. During setup it generates two random ports, one for http_proxy_port and one for socks_proxy_port, reports them to the C&C, and then adds firewall rules allowing traffic to those ports.
3proxy is started with a predefined configuration embedded in the malware's code. The criminals behind OMG monetize it by selling access to the IoT proxy servers.
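A check a defender can run against a Linux-based IoT device to spot the footprint described above: a 3proxy process holding two listeners on high ports, with matching firewall ACCEPT rules that nobody configured. This is an added example, not code from the article or from the malware. The `ss -tlnp` and `iptables -S` output below is constructed to look like real output, and the allow-list of expected ports is hypothetical for this one device.

```python
import re

# Constructed sample output, shaped like `ss -tlnp` on a small Linux device.
SS_OUTPUT = """\
State  Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
LISTEN 0      128    0.0.0.0:23          0.0.0.0:*         users:(("telnetd",pid=311,fd=4))
LISTEN 0      128    0.0.0.0:80          0.0.0.0:*         users:(("httpd",pid=402,fd=6))
LISTEN 0      128    0.0.0.0:41973       0.0.0.0:*         users:(("3proxy",pid=1337,fd=5))
LISTEN 0      128    0.0.0.0:58220       0.0.0.0:*         users:(("3proxy",pid=1337,fd=6))
"""

# Constructed sample output, shaped like `iptables -S`.
IPTABLES_OUTPUT = """\
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A INPUT -p tcp -m tcp --dport 41973 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 58220 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
"""

# Hypothetical allow-list: the services this particular device is expected to expose.
EXPECTED_PORTS = {23, 80}

LISTEN_RE = re.compile(
    r'^LISTEN\s+\d+\s+\d+\s+\S+:(\d+)\s+\S+\s+users:\(\("([^"]+)",pid=(\d+)'
)
ACCEPT_RE = re.compile(r"^-A INPUT .*--dport (\d+) .*-j ACCEPT")


def parse_listeners(ss_text):
    """Return {port: (process_name, pid)} for every LISTEN line."""
    listeners = {}
    for line in ss_text.splitlines():
        m = LISTEN_RE.match(line)
        if m:
            listeners[int(m.group(1))] = (m.group(2), int(m.group(3)))
    return listeners


def parse_accept_ports(iptables_text):
    """Return the set of TCP ports explicitly allowed into INPUT."""
    ports = set()
    for line in iptables_text.splitlines():
        m = ACCEPT_RE.match(line)
        if m:
            ports.add(int(m.group(1)))
    return ports


def find_indicators(ss_text, iptables_text, expected_ports):
    """Flag listeners that look like an OMG-style proxy installation."""
    listeners = parse_listeners(ss_text)
    accepted = parse_accept_ports(iptables_text)
    # Count listeners per pid so a process holding two of them (HTTP + SOCKS) stands out.
    per_pid = {}
    for port, (proc, pid) in listeners.items():
        per_pid.setdefault(pid, []).append(port)

    findings = []
    for port, (proc, pid) in sorted(listeners.items()):
        reasons = []
        if proc == "3proxy":
            reasons.append("listener owned by 3proxy")
        if port not in expected_ports and port in accepted:
            reasons.append("unexpected port opened by INPUT ACCEPT rule")
        if proc == "3proxy" and len(per_pid[pid]) >= 2:
            reasons.append("same process holds two listeners (HTTP and SOCKS proxy pair)")
        if reasons:
            findings.append({"port": port, "process": proc, "pid": pid, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in find_indicators(SS_OUTPUT, IPTABLES_OUTPUT, EXPECTED_PORTS):
        print(f"port {f['port']} ({f['process']}, pid {f['pid']}): " + "; ".join(f["reasons"]))
```

On a real device, feed the script the live output of `ss -tlnp` and `iptables -S` rather than the embedded samples. The process name alone is a weak signal (the binary can be renamed), so the firewall rule on a high port that does not belong to any expected service is the check worth keeping.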
Practice good security hygiene on every device you own. Most IoT devices cannot run endpoint protection, so change default credentials, disable telnet where it is not needed, and keep IoT devices on a separate network segment. A single infected device is enough: OMG's scanner and telnet brute-force module will reach the other devices on the same network quickly.