‘Cyber hurricane’ poised to strike as malware infects millions of devices worldwide
“Our research suggests we are now experiencing the calm before an even more powerful storm,” Check Point Software said, adding that it doesn’t know how the code will be employed or the extent of the damage it could cause.
Reaper, or IoTrooper, is a massive zombie robotic network, or botnet, that is rapidly infecting millions of Internet of Things devices, including webcams, video recorders and security cameras.
Netlab 360 warned Reaper is “actively expanding” and that there are “millions of potential vulnerable device IPs being queued” into the system which will be injected with the malicious code.
The botnet was first discovered in mid-September, and is based on the source code for the Mirai botnet that attacked websites with distributed denial-of-service (DDoS) attacks last October. The attack spread to more than 164 countries and companies affected included Netflix, Twitter, Amazon, CNN and Spotify.
The source of the code remains unknown but Reaper has improved on Mirai as “about 100 different functions” have been added to the code. “It has the potential to reach many, many more devices,” Check Point’s Maya Horowitz said.
Reaper works by exploiting existing vulnerabilities in devices and injecting them with malicious code that can be used at a later stage to carry out an attack. By taking advantage of vulnerabilities, the device can be infiltrated without raising any alarms. The malware then spreads from infected devices to others, like a worm.
Perhaps the most worrying aspect of Reaper is that no-one can figure out what the botnet will be used for, as it has the ability to run complex attacks.
"It could be something that's meant to create global chaos," Horowitz said. "But it could be something that's more targeted."