New Iot Botnet Torii Uses Six Methods for Persistence, Has No Clear Purpose


Security researchers discovered a new IoT botnet that is in a league superior to the Mirai variants that rise and fall on a daily basis.

The developers of the botnet seek wide coverage and for this purpose they created binaries for multiple CPU architectures, tailoring the malware for stealth and persistence.

Communication with the command and control (C2) servers is  encrypted and capabilities include exfiltration and, command execution.

According to research from Avast, the malware has been active since at least December 2017 and it targets devices on several CPU architectures: like MIPS, ARM, x86, x64, PowerPC, and SuperH.

Although multi-platform support is common among Mirai-based threats, the researchers say Torii supports one of the largest sets of architectures they’ve seen so far.


Read more here