Malware botnets spread through Cacti, Realtek flaws

Numerous malware botnet attacks since January have sought to spread Moobot and ShellBot malware through the exploitation of a critical Cacti command critical injection bug, tracked as CVE-2022-46169, and a critical Realtek Jungle SDK remote code execution flaw, tracked as CVE-2021-35394, BleepingComputer reports. Both vulnerabilities have been targeted by the Mirai-based Moobot to facilitate the injection of the configuration-containing script and connection with a command-and-control server before commencing distributed denial-of-service attacks, a report from Fortinet revealed. Moreover, other bot processes are being scanned and killed by new Moobot versions to maximize their attacks. On the other hand, ShellBot, which was found to have three malware variants, mainly leverages the Cacti bug. Several commands, including those that enable file and folder deletion and UDP DDoS attacks, could be performed by the first variant, while the second, which has even more commands and features an exploit enhancement module, was discovered to have compromised hundreds of victims, said researchers.