Bibliographic Details
Main Authors: Famera, Angela, Hilger, Ben, Bhunia, Suman, Heil, Patrick
Format: Preprint
Published: 2025
Subjects:
Online Access: https://arxiv.org/abs/2508.01909
_version_ 1866913973387919360
author Famera, Angela
Hilger, Ben
Bhunia, Suman
Heil, Patrick
author_facet Famera, Angela
Hilger, Ben
Bhunia, Suman
Heil, Patrick
contents Mirai is undoubtedly one of the most significant Internet of Things (IoT) botnet attacks in history. In terms of its detrimental effects, seamless spread, and low detection rate, it surpassed its predecessors. Its developers released the source code, which triggered the development of several variants that combined the old code with newer vulnerabilities found on popular IoT devices. The prominent variants, Satori, Mukashi, Moobot, and Sonic, together target more than 15 unique known vulnerabilities discovered between 2014-2021. The vulnerabilities include but are not limited to improper input validation, command injections, insufficient credential protection, and out-of-bound writes. With these new attack strategies, Satori compromised more than a quarter million devices within the first twelve hours of its release and peaked at almost 700,000 infected devices. Similarly, Mukashi made more than a hundred million Zyxel NAS devices vulnerable through its new exploits. This article reviews the attack methodologies and impacts of these variants in detail. It summarizes the common vulnerabilities targeted by these variants and analyzes the infection mechanism through vulnerability analysis. This article also provides an overview of possible defense solutions.
format Preprint
id arxiv_https___arxiv_org_abs_2508_01909
institution arXiv
publishDate 2025
record_format arxiv
spellingShingle Analyzing The Mirai IoT Botnet and Its Recent Variants: Satori, Mukashi, Moobot, and Sonic
Famera, Angela
Hilger, Ben
Bhunia, Suman
Heil, Patrick
Cryptography and Security
title Analyzing The Mirai IoT Botnet and Its Recent Variants: Satori, Mukashi, Moobot, and Sonic
topic Cryptography and Security
url https://arxiv.org/abs/2508.01909