The Muhstik botnet is exploiting a flaw in Apache RocketMQ. Hackers are misusing legitimate packer software to distribute malware, and Cybersecurity experts have uncovered a malicious Python package used to deliver infostealer malware. Learn all about them in today’s security roundup.
Muhstik Botnet Exploiting Apache RocketMQ
The Muhstik botnet is exploiting a newly discovered vulnerability in Apache RocketMQ to support its capabilities to run Distributed Denial-of-Service (DDoS) operations. The vulnerability (CVE-2023-33246) allows the botnet to increase the scale of its attacks by infiltrating compromised systems, creating risks for servers connected to the internet.
The vulnerability is exploited by running a shell script from a remote IP. This script is then used to download the Muhstik malware binary (“pty3”), which is copied to multiple directories to ensure the attack’s persistence.
The botnet primarily targets IoT devices and Linux servers. Approximately 5,000 instances of RocketMQ are thought to be vulnerable. The botnet can move laterally, gather metadata, and contact command and control domains. The Apache Software Foundation has patched the flaw…
?xml>
