Torii botnet targets hardware based on x86, x64, MIPS, SuperH and ARM

Another botnet discovered after Mirai. That is the Torii botnet which targets almost every device of today. That is because it covers all hardware architectures. And surely this new botnet is created with super knowledge how the botnet works. Researchers at computer security company Avast have published a report revealing the existence of a new botnet called Torii, whose goal is to attack Internet of Things (IoT) devices and unlike other similar attack programs, it has shown an unprecedented level of complexity.

Torii botnet targets hardware based on x86, x64, MIPS, SuperH and ARM

The botnet was first discovered by an independent researcher whose Twitter user is VessOnSecurity, the one who discovered the malware after analyzing his honeypot was spread by an attack from the exit nodes of the Tor network.

Vess also said that Torii’s operation is quite sophisticated, beyond the dreaded Mirai botnet. Avast’s threat analysis showed that the botnet was developed by a hacker with extensive knowledge of how the botnets work, rather than a bolt attack, as previously observed. According to Avast’s report:

Related:   Apple's version of Chromecast is on its way for 2019 alongside streaming platform

Torii has quite extensive capabilities for exfiltrating (sensitive) information, a modular architecture capable of searching for and executing other commands and executable files, and all this across multiple layers of communication.

According to researchers, Torii might have been active since last year, and its targeting capabilities aren’t what you often see in a botnet. In fact, the report says it can compromise hardware architectures based on x86, x64, MIPS, SuperH, ARM and others. In this sense, almost every desktop computer, smartphone, laptop and tablet in use today can be compromised by the botnet.

In terms of the attack itself, the botnet takes advantage of weak passwords on IoT devices to compromise these systems with a shell script that detects or attempts to detect the architecture of the device that it is attempting to attack. Subsequently, it executes the appropriate malware load.