Friday, January 24, 2025
HomeComputer SecurityMoobot Botnet Hacks Various Fiber Routers Using 0-Day Vulnerability

Moobot Botnet Hacks Various Fiber Routers Using 0-Day Vulnerability

Published on

SIEM as a Service

Follow Us on Google News

Qihoo 360’s Netlab Researchers observed Moobot botnet has successfully spread in fiber routers for remote code execution using0-day vulnerability. 

There is a total of 9 vendors are affected by the same vulnerability, it is likely most of the vendors are OEM products of the same original vendor.

Recent IOT 0-day Vulnerabilities

360’s Netlab Researchersseen the trend of 0-day vulnerabilities of IoT devices exploited to spread the multiple botnets in the past 30 days.

LILIN DVR 0-day vulnerabilities to spread Chalubo, FBot, and Moobotbotnets.On February 13, 2020, the vendor fixed the vulnerability and released the latest firmware program 2.0b60_20200207.

DrayTek Vigorenterprise routers and switch devices affected with pair of 0-day vulnerability. On February 10, 2020, the manufacturer DrayTek issued a security bulletin, which fixed the vulnerability and released the latest firmware program 1.5.1.

Fiber routers include Netlink GPON spreads Moobot botnet

On February 28, 2020, Researchers noticed the Moobot botnet successfully used a new exploit (two steps) to spread in fiber routers including Netlink GPON router. 

PoC for Remote command execution vulnerability in fiber routers already published in the Exploit Database.

Researchers informed CNCERT regarding 0-day vulnerabilities affects many fiber routes and vendor name is not shared disclosed publically.

Moobot is a new botnet family based on Mirai. Except for Moobot botnet, other botnets such as Fbot botnet and Gafgyt botnets were failed to spread in fiber routers as it requires two steps for successful exploitation. 

The first step involves another vulnerability and second utilizing the PoC available in Exploit db. Researchers did not disclose the first part of vulnerability publically.

Moobot Botnet
Sample Injections commands

The Exploitdb PoC Vulnerability 

Type: remote command execution

 Details: The function form Ping() in the Web server program /bin/boa, When it processes the post request from /boaform/admin/forming, it did not check the target_addr parameters before calling the system ping commands, thereby a command injection becomes possible.

Recommended general best practices for IoT users to check and update their device firmware promptly, and check whether there are default accounts that should be disabled.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity and hacking news updates.

Latest articles

Subaru’s STARLINK Connected Car’s Vulnerability Let Attackers Gain Restricted Access

In a groundbreaking discovery on November 20, 2024, cybersecurity researchers Shubham Shah and a...

Android Kiosk Tablets Vulnerability Let Attackers Control AC & Lights

A security flaw found in Android-based kiosk tablets at luxury hotels has exposed a...

CISA Releases Six ICS Advisories Details Security Issues

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued six Industrial Control Systems (ICS)...

Juniper Routers Exploited via Magic Packet Vulnerability to Deploy Custom Backdoor

A sophisticated cyber campaign dubbed "J-magic" has been discovered targeting enterprise-grade Juniper routers with...

API Security Webinar

Free Webinar - DevSecOps Hacks

By embedding security into your CI/CD workflows, you can shift left, streamline your DevSecOps processes, and release secure applications faster—all while saving time and resources.

In this webinar, join Phani Deepak Akella ( VP of Marketing ) and Karthik Krishnamoorthy (CTO), Indusface as they explores best practices for integrating application security into your CI/CD workflows using tools like Jenkins and Jira.

Discussion points

Automate security scans as part of the CI/CD pipeline.
Get real-time, actionable insights into vulnerabilities.
Prioritize and track fixes directly in Jira, enhancing collaboration.
Reduce risks and costs by addressing vulnerabilities pre-production.

More like this

Beware of Fake Captcha Verifications Spreading Lumma Malware

In January, Netskope Threat Labs uncovered a sophisticated global malware campaign leveraging fake CAPTCHA...

GhostGPT – Jailbreaked ChatGPT that Creates Malware & Exploits

Artificial intelligence (AI) tools have revolutionized how we approach everyday tasks, but they also...

Murdoc Botnet Exploiting AVTECH Cameras & Huawei Routers to Gain Complete Control

Researchers have identified an active malware campaign involving a Mirai botnet variant, dubbed Murdoc,...