IoT Reaper in comparison with Mirai

by Lucia Danes - -

Researchers have uncovered a botnet which exploits unpatched flaws and enslaves computers and other smart devices. The most recent botnet is dubbed as IoT Reaper and it is potentially worse than Mirai.

iot reaper mirai malware

Do you remember Mirai? Mirai is a botnet discovered last year and was announced as one of the most impactful cybersecurity ever by Krebs on Security researchers. The botnet brought down domain name system provider DYM; Mirai-powered botnet also caused 54-hour DDoS attacks against universities in the United States. In addition to that, the botnet also cut access to sites like Twitter.[1]

The new botnet, IoT Reaper is expected to be worse than Mirai and it’s rapidly expanding and is infecting millions of vulnerable IoT devices and turning them into a part of the botnet.[2]

More then tens of thousands smart devices were detected as a part of IoT Reaper so far. In addition, cybersecurity researchers at Netlab 360 reported that millions of IoT smart-home devices include malicious code.[3]

IoT Reaper was found to share its code with Mirai. While Mirai cracked the devices by default or using weak passwords, IoT reaper exploits unpatched vulnerabilities detected in IoT devices.

Netlab 360 uncovered nine IoT flaws that the IoT Reaper malware integrated. The botnet affected manufacturers including Linksys, AVTech, and Netgear.[3]

Researchers at Netlab 360 wrote:

Note just in the last 10 days, the attacker has continuously added more new exploits into samples, one of which is [sic] adopted only 2 days after the disclosure of the vulnerability was made.

The botnet’s C&C server controlled 20,000 devices in that week before it was discovered by Netlab 360. Moreover, over two million devices contain the malicious code and are waiting for infection by another C&C server command.
“We have not seen actual DDoS attack so far. The only instructions we saw are to download samples. This means the attacker is still focusing on spreading the botnets.”

Meanwhile, Tristan Liverpool, a director of systems engineering at F5Networs indicated:[4]

To stop the propagation of this botnet, all companies and consumers should ensure all their devices are running the latest firmware versions, which will have security patches included. However, as the Reaper botnet already has many devices under its control … everyone needs to prepare for the worst, as it is still unknown whether the motive of the perpetrators is chaos, financial gain or to target specific states or brands.


About the author

Lucia Danes
Lucia Danes - Malware and spyware analyst

Lucia Danes is a news editor at She is extremely passionate when it comes to helping people deal with various online threats, so she wants her articles to be understood even by those with no IT background.

Contact Lucia Danes
About the company Esolutions


now online
Like us on Facebook