Over the last few weeks, a series of powerful hacker attacks powered by the malware known as Mirai have used botnets created of internet-connected devices to clobber targets ranging from the internet backbone company Dyn to the French internet service provider OVH. And just when it seemed that Mirai might be losing steam, new evidence shows that it’s still dangerous—and even evolving.
Researchers following Mirai say that while the number of daily assaults dipped briefly, they’re now observing development in the Mirai malware itself that seems designed to allow it to infect more of the vulnerable routers, DVRs and other internet-of-things (IoT) gadgets it’s hijacked to power its streams of malicious traffic. That progression could actually increase the total population available to the botnet, they warn, potentially giving it more total compute power to draw on.
“There was an idea that maybe the bots would die off or darken over time, but I think what we are seeing is Mirai evolve,” says John Costello, a senior analyst at the security intelligence firm Flashpoint. “People are really being creative and finding new ways to infect devices that weren’t susceptible previously. Mirai is not going away.”