Wednesday, 09 July 2025

Muhstik Botnet Targeting Redis Servers

Muhstik, a botnet infamous for propagating via web application exploits, has been observed targeting Redis servers using a recently disclosed Lua sandbox escape flaw, CVE-2022-0543. The bug is not in upstream Redis itself but in the Debian and Ubuntu packages, which build Redis against a dynamically linked system Lua; as a result the Lua `package` library stays reachable from the EVAL scripting sandbox, and an attacker who can issue commands to an exposed instance can use it to load a native library and run arbitrary commands on the host. The vulnerability received a CVSS score of 10.0.
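The sandbox escape hinges on one observable condition: whether the Lua `package` global is visible from a script run through EVAL. The following probe, an added example written for this page and not code from the article or from Juniper Threat Labs, asks the server exactly that and nothing more; it never calls `package.loadlib` or executes anything on the host. The host and port are assumed command-line arguments, and the RESP encoder and reply parser are written inline so the classification logic can be exercised offline against constructed replies.

```python
import socket
from typing import Optional, Tuple

# Added example, not part of the original article. Non-destructive check for the
# CVE-2022-0543 condition: on an unaffected Redis build the EVAL sandbox never
# exposes `package`, so type(package) is "nil" (or, on Redis 7+, reading the
# undefined global raises an error); on the affected Debian/Ubuntu builds it is
# "table". The probe only inspects the global; it does not load or run anything.


def resp_encode(*args: str) -> bytes:
    """Encode a command as a RESP array of bulk strings (the Redis wire format)."""
    parts = [b"*%d\r\n" % len(args)]
    for arg in args:
        raw = arg.encode()
        parts.append(b"$%d\r\n%s\r\n" % (len(raw), raw))
    return b"".join(parts)


PROBE_SCRIPT = "return type(package)"          # assumption: minimal, read-only probe
PROBE = resp_encode("EVAL", PROBE_SCRIPT, "0")  # "0" = no KEYS arguments


def classify_reply(reply: bytes) -> Tuple[str, str]:
    """Turn the raw RESP reply to PROBE into a (verdict, detail) pair."""
    if not reply:
        return ("unknown", "empty reply")
    first, _, rest = reply.partition(b"\r\n")
    if first.startswith(b"-"):
        msg = first[1:].decode(errors="replace")
        if msg.startswith("NOAUTH"):
            return ("auth-required", msg)
        if msg.startswith("NOPERM"):
            return ("eval-denied", msg)
        if "unknown command" in msg.lower():
            return ("eval-disabled", msg)
        if "nonexistent global variable" in msg:
            # Redis 7+ protected globals: `package` is not defined in the sandbox.
            return ("not-vulnerable", msg)
        return ("error", msg)
    if first.startswith(b"$"):
        length = int(first[1:])
        if length < 0:
            return ("unknown", "nil bulk reply")
        value = rest[:length].decode(errors="replace")
        if value == "table":
            return ("vulnerable", "Lua 'package' library is reachable from EVAL")
        if value == "nil":
            return ("not-vulnerable", "Lua sandbox hides 'package'")
        return ("unknown", f"unexpected type: {value}")
    return ("unknown", reply[:40].decode(errors="replace"))


def probe(host: str, port: int = 6379, timeout: float = 3.0,
          password: Optional[str] = None) -> Tuple[str, str]:
    """Send PROBE to a live instance and classify the answer."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        if password:
            sock.sendall(resp_encode("AUTH", password))
            sock.recv(4096)  # "+OK" or "-ERR ..."; only the EVAL reply is classified
        sock.sendall(PROBE)
        return classify_reply(sock.recv(4096))


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 6379
    verdict, detail = probe(target, port)
    print(f"{target}:{port} {verdict}: {detail}")
```

A "vulnerable" verdict means the fixed Debian/Ubuntu package has not been installed. Independently of the patch, the instances Muhstik reaches are the ones answering unauthenticated on a public interface, so the usual Redis hygiene applies: bind to a private address with `protected-mode yes`, set `requirepass` (or ACL users), and if scripting is not needed, rename EVAL and EVALSHA away with `rename-command` or deny them through ACLs, which turns the probe's answer into "eval-disabled" or "eval-denied".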

The malware spreads worm-like across Linux hosts and IoT devices such as GPON, DD-WRT, and Tomato home routers, and has exploited the following vulnerabilities over the past few years:

  • CVE-2017-10271 (CVSS score: 7.5) - Input validation vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware
  • CVE-2018-7600 (CVSS score: 9.8) - Drupal remote code execution vulnerability (aka Drupalgeddon 2)
  • CVE-2019-2725 (CVSS score: 9.8) - Remote code execution vulnerability in Oracle WebLogic Server
  • CVE-2021-26084 (CVSS score: 9.8) - OGNL (Object-Graph Navigation Language) injection vulnerability in Atlassian Confluence
  • CVE-2021-44228 (CVSS score: 10.0) - Apache Log4j remote code execution vulnerability (aka Log4Shell)

"The bot connects to an IRC server to receive commands which include the following: download files, shell commands, DDoS attacks, and SSH brute-force," Juniper Threat Labs said in a report.

Source: securitylab.ru

31 March 2022
