The OMG botnet: Your IoT device can also become a proxy server

Analysts from the Fortinet FortiGuard Labs company encountered a new variant of the Mirai botnet , which in 2016 was used to carry out DDoS attacks on popular websites. A variation called OMG transforms IoT devices into proxies that allow cybercriminals to remain anonymous.

Recall: Mirai, using the Internet of Things, led to the exclusion in October 2016 of such services as Netflix, Spotify or Reddit. This malware was also active in Poland. According to CERT Polska data, in 2016 Mirai acquired even up to 14,000 devices a day. All of them had one thing in common: they left factory safety settings that were easily avoided by cybercriminals. It is worth mentioning that the three Mirai authors were identified - they pleaded guilty and paid high fines.

OMG botnet

OMG botnet and trading proxy servers

Since the launch of Mirai, analysts from FortiGuard Labs have recognized many of its new varieties. Mirai was originally designed to carry out DDoS attacks, however later modifications went, among others towards cryptojacking. The new variants based on Mirai differ from the original also using new techniques. They are used to exploit vulnerabilities and are capable of widespread attacks.

One of the most interesting new varieties of Mirai is the OMG botnet, which turns IoT devices into proxy (intermediary) servers. Such servers provide anonymity, which makes them valuable for cybercriminals. In this way, you can use someone else's device to attack, break into the system or ransom money. One way to earn on proxy servers is to sell access to other cybercriminals. According to Fortinet specialists, this is the model adopted by the OMG authors.

Analysts also point to the fact that OMG retains the original Mirai modules. This means that it can perform the same processes as its prototype.

This is the first case when we see a modified version of Mirai capable not only of DDoS attacks, but also for using IoT devices as proxy servers. Therefore, we expect that in the near future there will be more bots based on Mirai, giving cybercriminals new opportunities to earn.

- comments Robert Dąbrowski, head of the Fortinet engineering team.

How to protect your IoT?

First of all, keep in mind that any device that connects to the Internet, which we have at home, can be infected by cybercriminals. Therefore, it is recommended to:

  • regular update control of all devices connected to the network, as well as operating systems, applications and browsers;
  • installation of anti-virus software;
  • regular scanning of devices connected to the network for viruses and malware;
  • firewall installation;
  • ensuring a strong password and using a two-factor access verification.


Add new comment

The content of this field is kept private and will not be shown publicly.

Learn more about our offer

If you sell security solutions, are a distributor, authorized partner or developer and would like to share your portfolio with a group of potential customers, advertise an event, software, hardware or other services on AVLab - simply write to us. Or maybe you had to deal with ransomware? We can also help you decrypt your files.
Read more

We use Google Cloud Translation and Gengo API’s to translate articles with exception of our comparative tests.