Katana: a new variant of the Mirai botnet

From prod-blog.avira.com

Avira’s IoT research team has recently identified a new variant of the Mirai botnet. It has been named Katana, after the Japanese sword.

Although the Katana botnet is still in development, it already has modules such as layer 7 DDoS, different encryption keys for each source, fast self-replication, and secure C&C. There are indications that katana may be associated with an  HTTP banking botnet in the future.

We’ve previously looked at how Mirai, an IoT botnet, has evolved since its source code became public. A recent analysis of IoT attacks and malware trends shows that Mirai’s evolution continues. For example, variants of Mirai can be bought, sold, or sourced via YouTube channels, in this case, VegaSec. These, and other changes, enable unskilled attackers to create malicious botnets, resulting in an increase in attacks.

Read more…