It’s been a little over a year since the last major botnet, Mirai, was discovered. This particular piece of malware was responsible for infecting over 2.5 million devices over the course of a few months. The vast majority of these devices were routers and webcams running older versions of Linux. Once infected, these devices were used en masse to perform several DDoS attacks, including one which effectively took down the internet for the majority of the US.
The Reaper Botnet Is Here
Just in time for Halloween, a far more advanced botnet has surfaced. This new botnet, fittingly referred to as Reaper, functions similarly to last year’s Mirai. Both of these botnets attempt to grow their zombie horde by targeting IoT devices. That being said, there is one major difference between the two, and it just so happens to be the reason why Reaper is more dangerous.
Reaper vs. Mirai
To compare, Mirai’s method of breaking into IoT devices was a simple (but effective) brute force attack. Essentially, Mirai’s malware would identify the manufacturer and model of a particular device and break into it using the device’s default login credentials, which can easily be found online. Reaper, on the other hand, operates in a much more sinister way.
Reaper assumes control by exploiting common weaknesses found in an IoT device’s (notoriously weak) security protocols. Think of a hacker breaking into a computer system or network – Reaper uses similar tactics to hack IoT devices. This, in turn, allows Reaper to possess far more devices than Mirai ever could.
To put things into perspective, Mirai took nearly 3 months to accumulate its peak of 2.5 million IoT devices. Reaper, however, was only discovered last week and has already infected close to two million IoT devices.
If you have reason to believe that your IoT devices may have become enslaved by a botnet overlord, the first thing you should do is look for any new updates or patches made available by the device’s manufacturer. If your device does not have the ability to update (as is the case with many IoT devices), your only other option may be to perform a factory reset. Note that after a reset you’ll have to redo any changes you once made to your device, such as changing the login credentials.
Have you been affected by this new botnet attack? Are you concerned about the future of IoT security? Let us know in the comments below!