Security News > 2023 > August > DreamBus malware exploits RocketMQ flaw to infect servers
A new version of the DreamBus botnet malware exploits a critical-severity remote code execution vulnerability in RocketMQ servers to infect devices.
The recent DreamBus attacks leveraging that flaw were spotted by researchers at the Juniper Threat Labs, who reported a spike in the activity in mid-June 2023.
The main DreamBus module, which also passes all VirusTotal AV scans undetected thanks to custom UPX packing, features several base64-encoded scripts that perform different functions, including downloading additional modules for the malware.
Earlier versions of the DreamBus malware are also known to target Redis, PostgreSQL, Hadoop YARN, Apache Spark, HashiCorp Consul, and SaltStack, so following good patch management across all software products is recommended to tackle this threat.
Gafgyt malware exploits five-years-old flaw in EoL Zyxel router.
New Zerobot malware has 21 exploits for BIG-IP, Zyxel, D-Link devices.
News URL
Related news
- DragonRank Exploits IIS Servers with BadIIS Malware for SEO Fraud and Gambling Redirects (source)
- Fake LDAPNightmware exploit on GitHub spreads infostealer malware (source)
- Python-Based Malware Powers RansomHub Ransomware to Exploit Network Flaws (source)
- Unpatched PHP Voyager Flaws Leave Servers Open to One-Click RCE Exploits (source)
- Hackers exploit SimpleHelp RMM flaws to deploy Sliver malware (source)
- Hackers exploit Cityworks RCE bug to breach Microsoft IIS servers (source)
- FINALDRAFT Malware Exploits Microsoft Graph API for Espionage on Windows and Linux (source)