Late last year, in several high-profile and potent DDoS attacks, Linux-targeting Mirai (identified by Trend Micro as the ELF_MIRAI family) revealed just how broken the Internet of Things ecosystem is. The malware is now making headlines again, thanks to a new Windows Trojan that drastically increases its distribution capabilities.
We predicted last year that the propagation of Mirai-like malware for DDoS attacks is set to increase, but this new Trojan focuses on spreading Mirai itself rather than a mimic. In 2015 and 2016, Mirai relied on a type of brute-force attack, with bots constantly pinging IP addresses to pinpoint more potential victims. This newly identified Windows Trojan (detected by Trend Micro as BKDR_MIRAI.A) helps find potential Mirai victims and amplifies the distribution of Mirai bots.