Security News > 2020 > January > New Muhstik Botnet Attacks Target Tomato Routers
A new variant of the Muhstik botnet has appeared, this time with scanner technology that for the first time can brute-force web authentication to attack routers using Tomato open-source firmware, researchers have found.
"The new Muhstik variant scans Tomato routers on TCP port 8080 and bypasses the admin web authentication by default credentials bruteforcing," researchers wrote in their report.
To estimate the infected volume of devices, researchers searched for fingerprints of Tomato routers in Shodan, which identified more than 4,600 Tomato routers exposed on the internet and thus vulnerable to the latest Muhstik attack.
The new variant also once again shows the inherent lack of security in the IoT landscape, with new attacks on these type of devices seeming to come so fast security researchers can barely keep up.
Researchers said they did not discover malicious activities beyond the variant's harvesting of vulnerable Tomato routers; however, the Muhstik botnet is mainly known to launch cryptocurrency mining and DDoS attacks in IoT bots to earn profit.
News URL
https://threatpost.com/muhstik-botnet-attacks-tomato-routers/152079/
Related news
- Mirai Botnet Variant Exploits Four-Faith Router Vulnerability for DDoS Attacks (source)
- New Mirai botnet targets industrial routers with zero-day exploits (source)
- 13,000 MikroTik Routers Hijacked by Botnet for Malspam and Cyberattacks (source)
- Mirai Botnet Launches Record 5.6 Tbps DDoS Attack with 13,000+ IoT Devices (source)
- Hackers Exploit Zero-Day in cnPilot Routers to Deploy AIRASHI DDoS Botnet (source)
- Mirai botnet behind the largest DDoS attack to date (source)
- New Aquabot Botnet Exploits CVE-2024-41710 in Mitel Phones for DDoS Attacks (source)
- Botnet targets Basic Auth in Microsoft 365 password spray attacks (source)