Muhstik Botnet Targeting Redis Servers
Muhstik, a botnet infamous for propagating via web application exploits, has been observed targeting Redis servers by exploiting a recently disclosed Lua sandbox escape flaw (CVE-2022-0543). The vulnerability received a CVSS score of 10 and allows remote code execution on systems running the vulnerable software.
The malware can spread like a worm across Linux and IoT devices such as GPON, DD-WRT, and Tomato home routers. It has exploited the following vulnerabilities over the past few years:
"The bot connects to an IRC server to receive commands which include the following: download files, shell commands, DDoS attacks, and SSH brute-force," Juniper Threat Labs said in a report.
Source: securitylab.ru
31 March 2022