Security News > 2020 > January > New Muhstik Botnet Attacks Target Tomato Routers
A new variant of the Muhstik botnet has appeared, this time with scanner technology that for the first time can brute-force web authentication to attack routers using Tomato open-source firmware, researchers have found.
"The new Muhstik variant scans Tomato routers on TCP port 8080 and bypasses the admin web authentication by default credentials bruteforcing," researchers wrote in their report.
To estimate the infected volume of devices, researchers searched for fingerprints of Tomato routers in Shodan, which identified more than 4,600 Tomato routers exposed on the internet and thus vulnerable to the latest Muhstik attack.
The new variant also once again shows the inherent lack of security in the IoT landscape, with new attacks on these type of devices seeming to come so fast security researchers can barely keep up.
Researchers said they did not discover malicious activities beyond the variant's harvesting of vulnerable Tomato routers; however, the Muhstik botnet is mainly known to launch cryptocurrency mining and DDoS attacks in IoT bots to earn profit.
News URL
https://threatpost.com/muhstik-botnet-attacks-tomato-routers/152079/
Related news
- Unpatched AVTECH IP Camera Flaw Exploited by Hackers for Botnet Attacks (source)
- Quad7 botnet targets more SOHO and VPN routers, media servers (source)
- Quad7 Botnet Expands to Target SOHO Routers and VPN Appliances (source)
- Chinese botnet infects 260,000 SOHO routers, IP cameras with malware (source)
- New Cryptojacking Attack Targets Docker API to Create Malicious Swarm Botnet (source)