New Muhstik Botnet Attacks Target Tomato Routers (Security News, January 2020)
A new variant of the Muhstik botnet has appeared, this time with scanner technology that for the first time can brute-force web authentication to attack routers using Tomato open-source firmware, researchers have found.
"The new Muhstik variant scans Tomato routers on TCP port 8080 and bypasses the admin web authentication by default credentials bruteforcing," researchers wrote in their report.
To estimate the volume of infected devices, researchers searched for fingerprints of Tomato routers in Shodan, which identified more than 4,600 Tomato routers exposed on the internet and thus vulnerable to the latest Muhstik attack.
The new variant also once again shows the inherent lack of security in the IoT landscape, with new attacks on these types of devices seeming to come so fast that security researchers can barely keep up.
Researchers said they did not discover malicious activities beyond the variant's harvesting of vulnerable Tomato routers; however, the Muhstik botnet is mainly known to use its IoT bots for cryptocurrency mining and DDoS attacks to earn profit.
News URL
https://threatpost.com/muhstik-botnet-attacks-tomato-routers/152079/