Chinese-linked Muhstik botnet targets Oracle WebLogic, Drupal
By MYBRANDBOOK
A security firm has confirmed that the Muhstik botnet, which has been operating for at least two years, has recently started targeting vulnerabilities in the Oracle WebLogic application server and the Drupal content management system as a way to expand its cryptocurrency mining capabilities.
Researchers earlier found that Muhstik targeted vulnerable IoT devices, such as routers, to grow its malicious network and perform other tasks, such as mining for cryptocurrency or launching distributed denial-of-service attacks.
The operators behind Muhstik are targeting vulnerabilities in web applications to increase the botnet's reach. This includes two vulnerabilities in Oracle WebLogic, which is used to help build and deploy enterprise Java EE applications.
Those flaws are tracked as CVE-2019-2725 and CVE-2017-10271. One of the Oracle WebLogic vulnerabilities, CVE-2019-2725, was disclosed over a year ago, when researchers from Palo Alto Networks Unit 42 warned that it could be used to mine for cryptocurrency or deploy ransomware.
The Lacework researchers note that Muhstik continues to use the IRC protocol to communicate with its command-and-control server, which is fairly common for botnets.
Muhstik then attempts to download other malicious code within the infected device or web application. This includes the XMRig malware, which is increasingly used to mine for cryptocurrency, such as Monero.
The botnet also attempts to download a scanning module that searches for other vulnerable applications or connected devices and then attempts to connect those to its malicious infrastructure, according to the report.
"Usually, Muhstik will be instructed to download an XMRig miner and a scanning module. The scanning module is used for growing the botnet through targeting other Linux servers and home routers," Chris Hall, a cloud security researcher at Lacework, notes in the report.
The researchers also found the Muhstik botnet leverages source code from the Mirai botnet. This includes a memory scraper, which can kill other malware within a device.
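
As an added example (not from the Lacework report or this article), the Python code below shows one way a defender could flag the two behaviours described above, IRC command-and-control and XMRig mining, from the first bytes of a server's outbound connections regardless of port. The flow records, addresses, nickname, wallet and agent string are constructed, and the premise that XMRig opens its pool session with a JSON-RPC `login` request is general knowledge about the miner rather than a detail from the report.

```python
import json
import re

# Constructed sample: (source, destination, first bytes the client sent).
# Addresses, nickname, wallet and agent string are invented for this example.
SAMPLE_FLOWS = [
    ("10.0.5.11", "203.0.113.7:8080", b"NICK x86|a1b2c3\r\nUSER x86 8 * :x\r\n"),
    ("10.0.5.11", "198.51.100.9:3333",
     b'{"id":1,"jsonrpc":"2.0","method":"login",'
     b'"params":{"login":"WALLET","pass":"x","agent":"XMRig/0.0.0"}}\n'),
    ("10.0.5.12", "192.0.2.20:443", b"\x16\x03\x01\x02\x00\x01\x00\x01\xfc\x03\x03"),
    ("10.0.5.13", "192.0.2.30:80", b"GET /NICK USER HTTP/1.1\r\nHost: example.test\r\n\r\n"),
]

# An IRC command must start its own line; matching mid-line would hit HTTP paths.
IRC_VERB = re.compile(rb"^(NICK|USER) \S", re.IGNORECASE)

def classify(payload):
    """Label a client's opening bytes, or return None if neither pattern fits."""
    lines = [ln.strip() for ln in payload.splitlines() if ln.strip()]
    # IRC registration (RFC 1459): the client sends both NICK and USER.
    verbs = {m.group(1).upper() for m in map(IRC_VERB.match, lines) if m}
    if verbs == {b"NICK", b"USER"}:
        return "irc-registration"
    # Assumption: the miner's first message is a JSON-RPC "login" with params.
    for ln in lines:
        try:
            msg = json.loads(ln)
        except ValueError:  # binary data (e.g. TLS) or plain text
            continue
        if (isinstance(msg, dict) and msg.get("method") == "login"
                and isinstance(msg.get("params"), dict)):
            return "stratum-login"
    return None

def scan(flows):
    """Return (source, destination, label) for every flow that matches."""
    hits = []
    for src, dst, payload in flows:
        label = classify(payload)
        if label:
            hits.append((src, dst, label))
    return hits

def hosts_with_both(flows):
    """Hosts showing IRC registration and a miner login: triage these first."""
    seen = {}
    for src, _dst, label in scan(flows):
        seen.setdefault(src, set()).add(label)
    return sorted(h for h, labels in seen.items() if len(labels) == 2)
```
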