"MooBot Malware Botnet Re-emerges to Attack Unpatched D-Link Routers"

The MooBot Mirai malware botnet variant, which targets unprotected D-Link routers using a combination of existing and new flaws, reappeared in a new attack wave that began in early August. Fortinet experts discovered MooBot in December 2021 to spread quickly and gather many devices for its Distributed Denial-of-Service (DDoS) army. The malware's targeting scope has now been updated, as is customary for botnets looking for untapped reserves of vulnerable devices to capture. The vendor has released security updates to address these issues, but not all users have installed them, particularly the most recent two, which were released in March and May this year. The operators of MooBot use the vulnerabilities' low attack complexity to gain Remote Code Execution (RCE) on the targets and retrieve the malware binary using arbitrary instructions. When the malware decodes the hardcoded address in the configuration, the newly acquired routers are registered on the threat actor's command-and-control (C2) server. The C2 addresses in Unit 42's report differ from those in Fortinet's write-up, which indicates that the threat actor's infrastructure has been updated. The seized routers eventually participate in targeted DDoS attacks against various targets, depending on the objectives of MooBot's operators. This article continues to discuss the re-emergence of the MooBot malware botnet. 

CyberIntelMag reports "MooBot Malware Botnet Re-emerges to Attack Unpatched D-Link Routers"