According to Bleeping Computer, a Chinese botnet has exploited vulnerabilities in Oracle WebLogic, a popular server for running enterprise applications, and in the Drupal content management system.
Its report cites the findings of Mountain View-based cloud cybersecurity provider Lacework that found a new version of the malware.
Dubbed “Muhstik,” the botnet in question has been around since March 2018. It is infamous for attacking Linux-based services such as WordPress as well as internet of things (IoT) devices.
Like a slew of similar botnets, Muhstik relies on XMRig, an open-source CPU miner for privacy coin Monero (XMR), for monetization purposes.
The botnet receives an instruction to download the miner from command-and-control (C&C) servers, according to researcher Chris Hall:
“Usually Muhstik will be instructed to download an XMRig miner and a scanning module. The scanning module is used for growing the botnet through targeting other Linux servers and home routers.”
Based on its malware upload paths, Muhstik was attributed to a Chinese firm. Its C&C server also shares the same SSL certificate as a site devoted to a popular anime character.
As reported by U.Today, the Stantinko gang adopted innovative techniques to obfuscate their cryptojacking operations earlier this year.
In 2019, French cyberpolice shut down a botnet that was responsible for infecting hundreds of thousands of Windows computers around the globe.