Friday, February 28, 2025
Follow us On Linkedin
HomeComputer SecurityMoobot Botnet Hacks Various Fiber Routers Using 0-Day Vulnerability

Moobot Botnet Hacks Various Fiber Routers Using 0-Day Vulnerability

Computer SecurityMalwareNetwork Security

Published on

By HemaVijay
Moobot Botnet

Supply Chain Attack Prevention

SIEM as a Service

Follow Us on Google News

Qihoo 360’s Netlab Researchers observed Moobot botnet has successfully spread in fiber routers for remote code execution using0-day vulnerability. 

There is a total of 9 vendors are affected by the same vulnerability, it is likely most of the vendors are OEM products of the same original vendor.

Recent IOT 0-day Vulnerabilities

360’s Netlab Researchersseen the trend of 0-day vulnerabilities of IoT devices exploited to spread the multiple botnets in the past 30 days.

LILIN DVR 0-day vulnerabilities to spread Chalubo, FBot, and Moobotbotnets.On February 13, 2020, the vendor fixed the vulnerability and released the latest firmware program 2.0b60_20200207.

DrayTek Vigorenterprise routers and switch devices affected with pair of 0-day vulnerability. On February 10, 2020, the manufacturer DrayTek issued a security bulletin, which fixed the vulnerability and released the latest firmware program 1.5.1.

Fiber routers include Netlink GPON spreads Moobot botnet

On February 28, 2020, Researchers noticed the Moobot botnet successfully used a new exploit (two steps) to spread in fiber routers including Netlink GPON router. 

PoC for Remote command execution vulnerability in fiber routers already published in the Exploit Database.

Researchers informed CNCERT regarding 0-day vulnerabilities affects many fiber routes and vendor name is not shared disclosed publically.

Moobot is a new botnet family based on Mirai. Except for Moobot botnet, other botnets such as Fbot botnet and Gafgyt botnets were failed to spread in fiber routers as it requires two steps for successful exploitation. 

The first step involves another vulnerability and second utilizing the PoC available in Exploit db. Researchers did not disclose the first part of vulnerability publically.

Moobot Botnet
Sample Injections commands

The Exploitdb PoC Vulnerability 

Type: remote command execution

 Details: The function form Ping() in the Web server program /bin/boa, When it processes the post request from /boaform/admin/forming, it did not check the target_addr parameters before calling the system ping commands, thereby a command injection becomes possible.

Recommended general best practices for IoT users to check and update their device firmware promptly, and check whether there are default accounts that should be disabled.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity and hacking news updates.

HemaVijay
HemaVijay

Latest articles

cyber security

Chinese Hackers Breach Belgium State Security Service as Investigation Continues

Belgium’s State Security Service (VSSE) has suffered what is being described as its most...
cyber security

Hacktivist Groups Emerge With Powerful Tools for Large-Scale Cyber Operations

Hacktivism, once synonymous with symbolic website defacements and distributed denial-of-service (DDoS) attacks, has evolved...
Cyber Attack

New Pass-the-Cookie Attacks Bypass MFA, Giving Hackers Full Account Access

Multi-factor authentication (MFA), long considered a cornerstone of cybersecurity defense, is facing a formidable...
Cyber Security News

Chinese Hackers Exploit Check Point VPN Zero-Day to Target Organizations Globally

A sophisticated cyberespionage campaign linked to Chinese state-sponsored actors has exploited a previously patched...

Supply Chain Attack Prevention

Free Webinar - Supply Chain Attack Prevention

Recent attacks like Polyfill[.]io show how compromised third-party components become backdoors for hackers. PCI DSS 4.0’s Requirement 6.4.3 mandates stricter browser script controls, while Requirement 12.8 focuses on securing third-party providers.

Join Vivekanand Gopalan (VP of Products – Indusface) and Phani Deepak Akella (VP of Marketing – Indusface) as they break down these compliance requirements and share strategies to protect your applications from supply chain attacks.

Discussion points

Meeting PCI DSS 4.0 mandates.
Blocking malicious components and unauthorized JavaScript execution.
PIdentifying attack surfaces from third-party dependencies.
Preventing man-in-the-browser attacks with proactive monitoring.

Register Now

More like this

Cyber Security News

Winos4.0 Malware Targets Windows Users Through Malicious PDF Files

A new wave of cyberattacks leveraging the Winos4.0 malware framework has targeted organizations in...
cyber security

Lotus Blossom Hacker Group Uses Dropbox, Twitter, and Zimbra for C2 Communications

The Lotus Blossom hacker group, also known as Spring Dragon, Billbug, or Thrip, has...
cyber security

Squidoor: Multi-Vector Malware Exploiting Outlook API, DNS & ICMP Tunneling for C2

A newly identified malware, dubbed "Squidoor," has emerged as a sophisticated threat targeting government,...

GBHackers on Security is a top cybersecurity news platform, delivering up-to-date coverage on breaches, emerging threats, malware, vulnerabilities, and global cyber incidents.

Company

Trending

Categories

Copyright @ 2016 - 2024 GBHackers On Security - All Rights Reserved