Vulnerable D-Link routers have been under attack from the MooBot botnet since early last month, with the Mirai malware
variant targeting various critical flaws in D-Link devices, reports BleepingComputer
Critical security bugs targeted by MooBot include remote command execution vulnerabilities in D-Link, tracked as CVE-2022-26258 and CVE-2022-28958; a remote code execution flaw in D-Link SOAP Interface, tracked as CVE-2018-6530; and a command execution flaw in D-Link HNAP SOAPACTION Header, tracked as CVE-2015-2051, a report from Palo Alto Network's Unit 42 showed.
Operators of MooBot have been exploiting the flaws to retrieve the malware binary, which will then be followed by the registration of newly captured routers on their command-and-control server. Such routers are then leveraged by MooBot operators in distributed denial-of-service attacks against various targets.
While D-Link has already issued fixes for all of the mentioned vulnerabilities, the newer flaws, which were discovered in March and May, continue to be unpatched for some users.