Name of Malware: Mirai

Type of Malware: Worm

Affected Operating Systems: Linux

Affected Device Types: Home routers, security cameras, general IoT devices

Impact: medium

What is Mirai?

Mirai is a piece of IoT malware that infects devices such as routers, cameras, smart TVs or other "smart" systems and forces them to register with a command and control server. The registered infected systems become members of a botnet and can be remotely controlled to execute criminal activities, such as DDoS attacks and infecting other systems.

How did I get infected with Mirai?

Mirai infections can arise without the user actively downloading or running the malware. Mirai spreads by constantly searching for IoT devices that can be contacted via the Internet. Devices that have no password protection, or that have a weak password (e.g. factory default or standard password) are at risk.

What do I have to do now?

Mirai exists solely in the volatile memory of the infected systems, i.e. the portion of the memory that is wiped each time the device is restarted. For this reason, a restart is all it takes to remove the malware. However, vulnerable devices can be infected again as soon as they connect to the Internet. The best way to protect yourself against Mirai attacks is to use strong passwords to protect these kinds of systems.

Technical specifications

Further information on this malware can be found on the website of our project partner Fraunhofer FKIE.