Adversaries Ride RocketMQ Bug to DreamBus Bot Resurgence

Published: 23/11/2024   Category: security




Last seen in 2021, DreamBus Monero crypto bot is back and finding new life on vulnerable RocketMQ servers.



Since the disclosure in May that RocketMQ servers had a remote code execution (RCE) bug, multiple threat actors have been making the most of the opportunity, even dusting off a previously dormant crypto bot called DreamBus for the occasion.
Threat researchers with Juniper report they have observed several threat actors launching attacks against the RocketMQ server vulnerability, tracked under CVE-2023-33246, to breach systems and drop the DreamBus malicious Monero miner bots.
The Juniper team warned that while DreamBus is currently limited to delivering crypto bots, it could easily be adapted to deliver an array of other malware strains in the future.
As DreamBus malicious threat actors resurface, their primary objective remains the installation of a Monero cryptocurrency miner, the Juniper team explained. However, the presence of a modular bot like the DreamBus malware equipped with the ability to execute bash scripts provides these cybercriminals the potential to diversify their attack repertoire, including the installation of various other forms of malware.
