Geeks for your information
Moobot Milks Tenda Router Bugs for Propagation - Printable Version

+- Geeks for your information (https://www.geeks.fyi)
+-- Forum: News (https://www.geeks.fyi/forumdisplay.php?fid=105)
+--- Forum: Privacy & Security News (https://www.geeks.fyi/forumdisplay.php?fid=107)
+--- Thread: Moobot Milks Tenda Router Bugs for Propagation (/showthread.php?tid=15323)



Moobot Milks Tenda Router Bugs for Propagation - silversurfer - 15 June 21

Quote:A variant of the Mirai botnet called Moobot saw a big spike in activity recently, with researchers picking up widespread scanning in their telemetry for a known vulnerability in Tenda routers. It turns out that it was being pushed out from a new cyber-underground malware domain, known as Cyberium, which has been anchoring a large amount of Mirai-variant activity.
 
According to AT&T Alien Labs, the scanning for vulnerable Tenda routers piqued researcher interest given that such activity is typically rare. The targeted bug is a remote code-execution (RCE) issue (CVE-2020-10987).
 
“This spike was observed throughout a significant number of clients, in the space of a few hours,” according to an AT&T analysis, released Monday. “This vulnerability is not commonly used by web scanners and was barely detected by our honeypots during the last six months, except for a minor peak in November.”
 
Following the breadcrumbs of the activity, researchers tracked down the infrastructure behind the Tenda scans in late March – discovering that it was being used to scan for additional bugs, in the Axis SSI, Huawei home routers (CVE-2017-17215) and the Realtek SDK Miniigd (CVE-2014-8361). It was also deploying a DVR scanner that tried default credentials for the Sofia video application. These compromise efforts were tied to a variety of different Mirai-based botnet infections, including the Satori botnet.

Read more: Moobot Milks Tenda Router Bugs for Propagation | Threatpost