DreamBus malware exploits RocketMQ flaw to infect servers (Security News, August 2023)
A new version of the DreamBus botnet malware exploits a critical-severity remote code execution vulnerability in RocketMQ servers to infect devices.
The recent DreamBus attacks leveraging that flaw were spotted by researchers at Juniper Threat Labs, who reported a spike in activity in mid-June 2023.
The main DreamBus module, which passes all VirusTotal AV scans undetected thanks to custom UPX packing, features several base64-encoded scripts that perform different functions, including downloading additional modules for the malware.
Earlier versions of the DreamBus malware are also known to target Redis, PostgreSQL, Hadoop YARN, Apache Spark, HashiCorp Consul, and SaltStack, so following good patch management across all software products is recommended to tackle this threat.