Chinese-linked Muhstik botnet targets Oracle WebLogic, Drupal
A security firm confirmed the Muhstik botnet, has been operating for at least two years, has recently started targeting vulnerabilities in the Oracle WebLogic application server and the Drupal content management system as a way to expand its cryptocurrency mining capabilities, according to the security firm.
Researchers earlier found that Muhstik targeted vulnerable IoT devices, such as routers, to grow its malicious network and perform other tasks, such as mining for cryptocurrency or launching distributed denial-of-service attacks.
The operators behind Muhstik are targeting vulnerabilities in web applications to increase the botnet's reach. This includes two vulnerabilities in Oracle WebLogic, which is used to help build and deploy enterprise Java EE applications.
Those flaws are tracked as CVE-2019-2725 and CVE-2017-10271One of the Oracle WebLogic vulnerabilities, CVE-2019-2725, was disclosed over a year ago, when researchers from Palo Alto Networks Unit 42 warned that it could be used to mine for cryptocurrency or deploy ransomware.
The Lacework researchers note that Muhstik continues to use the IRC protocol to communicate with its command-and-control server, which is fairly common for botnets.
Muhstik then attempts to download other malicious code within the infected device or web application. This includes the XMRig malware that is being increasingly used to mine for cryptocurrency, such as monero.
The botnet also attempts to download a scanning module that searches for other vulnerable applications or connected devices and then attempts to connect those to its malicious infrastructure, according to the report.
"Usually, Muhstik will be instructed to download an XMRig miner and a scanning module. The scanning module is used for growing the botnet through targeting other Linux servers and home routers," Chris Hall, a cloud security researcher at Lacework, notes in the report.
The researchers also found the Muhstik botnet leverages source code from the Mirai botnet. This includes a memory scraper, which can kill other malware within a device.
Aruba & Forrester study says optimizing operational efficiency is a top business priority
Aruba, a Hewlett Packard Enterprise company, announced the findings of a study it commissi...
Qualcomm unveils its AI Stack Portfolio
Qualcomm Technologies, Inc. announced its AI Stack portfolio, accelerating the company&rsq...
3i Infotech signs US $2.2 Mn Digital IMS deal with one of UAE’s digital transformation companies
3i Infotech has signed an enterprise solution deal with one of UAE's digital transform...
PRAMA hosts its EXCELLENCE MEET in New Delhi
Prama India has organized its Pan India Roadshows with its second event recently at New De...
Grassroots Channels announces a multicity, daylong event “Surveillance Unmasked”
Grassroots Channels has announced the launch of “Surveillance Unmasked” progra...
ManageEngine celebrates two decades of Technology Innovation
Celebrating 20 years of ManageEngine, the company has hosted a conference on May 19 at the...
As a business you need to anticipate the technology evolution and ways to improve the process: CP Gurnani
CEO Fireside Chat CP Gurnani, Chief Executive Officer & Managing Director, Tech Mahind...