The recently found Zerobot botnet is still evolving and is increasingly focusing on connected devices.
The Microsoft Defender for IoT research group has reported in detail on the latest malware version, Zerobot 1.1, including newly found capabilities. Microsoft Security Experts have also published new strong indicators of compromise (IOCs) and recommendations to help defenders harden networks and devices against this threat.
Microsoft researchers noted that the botnet is becoming more active in its attacks on devices. It now uses a new brute-force vector to break into IoT devices with weak security, rather than only attempting to exploit a known vulnerability.
The malware adds vulnerable devices to a distributed denial of service (DDoS) botnet and targets a variety of devices, such as firewalls, routers, and webcams.
How Zerobot Exploits Vulnerabilities in Apache
Zerobot is written in the Go programming language and primarily affects Linux-based devices. Microsoft also reports finding several malware samples that are Windows-compatible.
ZeroStresser, which Microsoft has identified as DEV-1061, uses a set of modules to attack vulnerable hardware running a variety of operating systems and architectures. However, the most recent upgrade targets the Apache and Apache Spark platforms.
According to MSTIC, Zerobot 1.1 can now take advantage of the Apache (CVE-2021-42013) and Apache Spark (CVE-2022-33891) vulnerabilities. Other targeted flaws are in Grandstream networking systems, the Roxy-WI GUI, and MiniDVBLinux DVR systems.
According to the researchers, the botnet's operators prey on flaws in unpatched or improperly secured devices. In some circumstances, the malware performs brute-force operations on susceptible devices with insecure setups that make use of default or weak passwords.
According to reports, Zerobot spreads by scanning and infecting devices with known vulnerabilities that aren’t contained in the malware executable, such as CVE-2022-30023, a command injection vulnerability in Tenda GPON AC1200 routers.
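For defenders reviewing Apache access logs, the following added example (not from Microsoft's report or the original article) flags requests whose path only reveals a `..` traversal segment after percent-decoding, the request shape that path-traversal flaws such as CVE-2021-42013 depend on. The log lines, addresses and paths are constructed samples, and the function names and `MAX_ROUNDS` limit are assumptions of this sketch.

```python
import re
from urllib.parse import unquote

# Fields of an Apache common/combined access-log entry that we need.
REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3})')
MAX_ROUNDS = 4  # assumption: stop after this many nested decoding passes

def decode_rounds(path):
    """Percent-decode until stable; return (final_path, passes_that_changed_it)."""
    rounds = 0
    while rounds < MAX_ROUNDS:
        decoded = unquote(path, errors="replace")
        if decoded == path:
            break
        path, rounds = decoded, rounds + 1
    return path, rounds

def has_traversal(path):
    """True if any path segment is exactly '..' (either slash style)."""
    return any(seg == ".." for seg in re.split(r"[/\\]", path))

def classify(line):
    """Return a finding dict for a suspicious request, or None otherwise."""
    m = REQUEST_RE.match(line)
    if not m:
        return None
    src, _method, target, status = m.groups()
    path = target.split("?", 1)[0]
    if has_traversal(path):
        kind = "plain-traversal"
    else:
        final, rounds = decode_rounds(path)
        if not has_traversal(final):
            return None  # ordinary encoding such as %20 lands here
        kind = "encoded-traversal" if rounds == 1 else "multi-encoded-traversal"
    return {"src": src, "kind": kind, "status": int(status), "path": target}

def scan(log_text):
    """Classify every line and keep only the findings."""
    return [f for f in map(classify, log_text.splitlines()) if f]

# Constructed sample entries (documentation address ranges, made-up paths).
SAMPLE_LOG = """\
198.51.100.10 - - [21/Dec/2022:10:15:32 +0000] "GET /index.html HTTP/1.1" 200 1043
198.51.100.10 - - [21/Dec/2022:10:15:40 +0000] "GET /docs/release%20notes.html HTTP/1.1" 200 2210
203.0.113.7 - - [21/Dec/2022:10:16:01 +0000] "GET /icons/%2e%2e/%2e%2e/conf/site.conf HTTP/1.1" 400 226
203.0.113.7 - - [21/Dec/2022:10:16:02 +0000] "GET /icons/%252e%252e/%252e%252e/conf/site.conf HTTP/1.1" 404 196
"""

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A hit on a server that answered with a 2xx status deserves priority, since it suggests the request was served rather than rejected.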