Mirai Botnet Variant MooBot Botnet - Exploits D-Link Router Vulnerabilities
Reading Time: < 1 minute

Palo Alto Networks Unit 42 discovered Mirai botnet variant MooBot exploiting D-Link Router Vulnerabilities. According to the researchers, if the devices are compromised, they could be used by attackers to conduct further attacks such as distributed denial-of-service (DDoS) attacks.

The goal of MooBot, disclosed in September 2019, by Qihoo 360’s Netlab team, is to attack LILIN digital video recorders and Hikvision video surveillance devices.

D-Link recently discovered several flaws in their devices, with four different vulnerabilities being discovered in just a short period of time. These include –

  • CVE-2015-2051 (CVSS score: 10.0) – D-Link HNAP SOAPAction Header Command Execution Vulnerability
  • CVE-2018-6530 (CVSS score: 9.8) – D-Link SOAP Interface Remote Code Execution Vulnerability
  • CVE-2022-26258 (CVSS score: 9.8) – D-Link Remote Command Execution Vulnerability, and
  • CVE-2022-28958 (CVSS score: 9.8) – D-Link Remote Command Execution Vulnerability

If you exploit the aforementioned flaws, you can get remote code execution and be able to retrieve a MooBot payload from a remote host. That payload then listens for instructions from a C2 server to launch DDoS attacks on a specific IP address and port number.

It is highly recommended that you apply patches and upgrades released by the company to mitigate potential threats.

“The vulnerabilities we discovered are really low-hanging fruit,” researchers said. “But once an attacker exploits them, they can control the device and use it for further attacks.”

Related Articles:
Los Angeles School District Fighting an Ongoing Ransomware Attack
Pakistan Government Admits Own Cybersecurity Team Incompetent
Cybersecurity Week – Beijing Claims US Attacked A Military Research University