Just in time for Halloween, a growing hacked device botnet named "Reaper" could put the internet in the dark.

Over a million internet-connected cameras and routers have already been infected, researchers with the Israeli-based firm Check Point says — and the number is growing.

"Our research suggests we are now experiencing the calm before an even more powerful storm," they warned last week. "The next cyber hurricane is about to come."

"Botnets" consist of vast networks of thousands and even millions of computers that have been infected with malware, enslaving them to do someone else's bidding. They can be commanded — usually without their owners' knowledge — to provide the raw computing power to take down websites and launch further cyberattacks.

Last fall, chunks of the internet went offline for hours when a botnet of hacked cameras called "Mirai" was used to launch a "distributed denial of service" or DDoS attack on a major internet infrastructure provider. Sites like the New York Times, Twitter, and Netflix were unreachable via their web addresses for several hours.

Now "Reaper" could make that botnet look like child's play. "It's a very big deal," Avivah Litan, an analyst at Gartner, told NBC News.

Worse than last year's massive attack

The botnet spreads from hacked device to hacked device, sneaking in via known security vulnerabilities, according to an analysis by Chinese researchers at 360 netlab. The at-risk devices include several webcams and routers, including those by popular makers such as Linksys, Netgear, and dlink, none of whom provided a comment to NBC News in time for publication.

This is different from the attack last fall, which only used weak and default passwords to get into devices. It could easily be wiped just by rebooting the device. But the new botnet has automated basic hacking techniques in order to spread further. And by using known exploits it can get in and spread without raising any alarms.

"The potential here is even bigger than what Mirai had,” Maya Horowitz, the manager of Check Point’s research team, told Wired magazine. “With this version it’s much easier to recruit into this army of devices.”

Check Point said we were experiencing "the calm before the storm" and warned that companies should make preparations for a Distributed Denial of Service (DDoS) attack which could potentially knock them offline.

DDoS attacks were made famous by Lizard Squad, the cyber gang that took down the PlayStation network during Christmas of 2014.

They involve flooding websites or other targets with traffic so they collapse.

Security experts have been told to check over company networks and take any of the possibly infected gadgets offline.

Those who might have the products in their home are told the same, although the only difference they might notice is slower wifi speeds.