Security News > 2020 > January > New Muhstik Botnet Attacks Target Tomato Routers

A new variant of the Muhstik botnet has appeared, this time with scanner technology that for the first time can brute-force web authentication to attack routers using Tomato open-source firmware, researchers have found.
"The new Muhstik variant scans Tomato routers on TCP port 8080 and bypasses the admin web authentication by default credentials bruteforcing," researchers wrote in their report.
To estimate the volume of infected devices, researchers searched Shodan for fingerprints of Tomato routers, which identified more than 4,600 Tomato routers exposed on the internet and thus vulnerable to the latest Muhstik attack.
The new variant also once again shows the inherent lack of security in the IoT landscape, with new attacks on these types of devices seeming to come so fast that security researchers can barely keep up.
Researchers said they did not discover malicious activities beyond the variant's harvesting of vulnerable Tomato routers; however, the Muhstik botnet is mainly known for using IoT bots to launch cryptocurrency mining and DDoS attacks for profit.
News URL
https://threatpost.com/muhstik-botnet-attacks-tomato-routers/152079/