One million networks infected by new ‘reaper’ botnet

Oliver Bradshaw | Last Updated:

Technical VPN Analyst

reaper botnet infects networks

In September 2016 you may remember the DDoS attack by the Mirai Bot Network. The malware had infected over 2.5 million individual IoT devices to stage a DDoS attack on the worlds most popular websites while throwing millions of users offline around the world in the process, by attempting to seize control of their routers. This attack resulted in Spotify, Reddit and the New York Times being entirely wiped from the internet, among numerous other websites.

This was one of the most widespread and invasive attacks in years, but a new threat from the Reaper Botnet is slowly becoming apparent. On Friday, researchers at Israeli tech firm Check Point and China’s Qihoo 360 security firm discovered that the Reaper Botnet had gained access, and control, of almost one million networks around the globe, with numerous devices attached. With such a large arsenal of devices, the Reaper botnet certainly has the ability to create worldwide chaos and do unprecedented damage to worldwide networks.

One major difference between Mirai and Reaper is Reapers ability to hack devices to gain control, rather than simply guessing their passwords. The Reaper botnet has refined Mirai’s code to include an ability to hack into devices, which were previously suspected to be secure, further expanding Reapers reach. Devices currently under control of Reaper include routers from D-Link, Linksys, and Netgear, along with CCTV cameras from Vacron, AVTech, and GoAhead.

Shockingly, QiHoo 360 has revealed that over 10,000 devices already communicate with the Reaper command-and-control server on a daily basis, with an additional million devices “queued” awaiting code from Reaper to attach them to the entire DDoS network.

Are you affected?

Check Point has released a list of affected devices and has stated that if you are unable to analyse and check whether your device is affected, you should perform a factory reset to remove any malicious malware code. Additionally, there are a number of updates available for the above-mentioned routers and devices, which include patches and removal of the malicious Reaper code.

The Reaper botnet has yet to show signs of mobilising its army of infected devices, although Check Point’s Maya Horowitz speculated that the devices will almost certainly be used in a DDoS attack to either create, “global chaos,” or bring down a “specific target,” both of which could cause online mayhem depending who the target is.

Ultimately, the success of Reaper relies on IoT device owners not updating their devices, or knowing Reaper exists. For Reaper to successfully achieve its goal of a malicious and devastating DDoS attack, it must rely on network device manufacturers to refrain from issuing an update to their devices.

PRIVACY ALERT: Websites you visit can see your current IP Address:

  • Your IP Address:
  • Your Location: Ashburn, US
  • Your Internet Provider:

* Scammers, Governments, and Advertisers can use this information to track and target you.

Our recommended vpn service provider for general all-round internet security and online privacy is ExpressVPN. It offers an excellent selection of online security and internet privacy features, excellent speed, and the ability to unblock your favorite streaming services (Netflix, Hulu, Amazon Prime, BBC iPlayer).

Visit ExpresssVPN

Categories: News

view further information about ExpressVPN prices

Our Testing Process

  1. Security
  2. No-Logs Policies
  3. Speed
  4. Streaming
  5. Torrenting
  6. Censorship
view further information about ExpressVPN product features