Security researchers have warned that a new worm attacking internet-connected and vulnerable devices is currently spreading throughout the world.
Dubbed IoT_reaper by Chinese security vendor Qihoo 360, the malware was first spotted in September this year and has been spreading since then.
The vendor said it had found more than 10,000 unique IP addresses per day with devices that have been compromised by the malware, along with more than two million systems queued at the command and control servers Qihoo 360 is tracking.
The malware is based on the Mirai internet of things (IoT) worm that struck last year, and which has been used to compromise millions of unpatched, vulnerable devices connected to the internet around the world.
However, IoT_reaper differs from Mirai in that it doesn't attempt to crack weak device passwords - it only tries to exploit vulnerabilities.
It also doesn't exhibit aggressive scanning so as to stay unnoticed, and it comes with an execution environment for the lightweight Lua scripting language so as to enable more complex attacks, the researchers said.
IoT_reaper attacks vulnerable devices from D-Link, Netgear, Linksys, AVTech, Vacron, JAWS and GoAhead.
The researchers said they have not seen the IoT_Reaper botnet being used for denial of service attacks as with Mirai.
It does, however, contain around 100 domain name system resolvers, which can be used for DDoS amplification attacks.
.png&h=140&w=231&c=1&s=0)
.png&w=100&c=1&s=0)
.png&w=120&c=1&s=0)
Tech in Gov 2025
Forrester's Technology & Innovation Summit APAC 2025
.png&w=120&c=1&s=0)
Security Exhibition & Conference 2025
Integrate Expo 2025
Digital As Usual Cybersecurity Roadshow: Brisbane edition
.jpg&h=140&w=231&c=1&s=0)
.jpg&h=140&w=231&c=1&s=0)
