In 2016, an Internet of Things (IoT) worm named Mirai infected some 2.5 million gadgets worldwide, building botnets that sent unstoppable floods of junk traffic and took down major internet services including Spotify, PayPal and Reddit.
According to researchers at the Chinese security firm Qihoo 360 and Israeli firm Check Point, the difference between Mirai and Reaper is like the difference between identifying open doors and actively picking locks.
Reaper has pulled together IoT hacking techniques that include nine attacks affecting routers from D-Link, Netgear, and Linksys, as well as internet-connected surveillance cameras, including those sold by Vacron, GoAhead, and AVTech.
Although currently Reaper has shown no signs of any DDoS (Distributed Denial of Service) activity, it is too early to guess the intentions of its creators. This malware has the potential to do significantly more damage than Mirai and its successors did.
Reaper continues to evolve, with its code continuously updated, and its authors can turn the network of infected IoT devices into a weapon anytime they want, using it to attack websites and disrupt services.
"The main differentiator here is that while Mirai was only exploiting devices with default credentials, this new botnet is exploiting numerous vulnerabilities in different IoT devices," wrote Maya Horowitz, Check Point's research team manager, cited by Wired.
"The potential here is even bigger than what Mirai had," Horowitz added, observing that, "with this version it's much easier to recruit into this army of devices."
According to Check Point, Reaper has already enslaved millions of IoT devices, including routers and IP cameras manufactured by GoAhead, D-Link, TP-Link, Avtech, and others, and the bot continues to rapidly spread.
Horowitz noted that device owners should check IoT manufacturers' lists of affected gadgets and, if required, perform a factory reset of the device's firmware.
"Our research suggests that we are now experiencing the calm before an even more powerful storm. The next cyber hurricane is about to come," Check Point wrote, cited by Wired.