Quote:A new variant of the Muhstik botnet has appeared, this time with scanner technology that for the first time can brute-force web authentication to attack routers using Tomato open-source firmware, researchers have found.
 
Researchers at Palo Alto Networks’ Unit 42 discovered the new variant harvesting vulnerable routers and IoT devices in early December, they reported in a blog post Tuesday. Muhstik, showing a wormlike self-propagating capability that can infect Linux servers and IoT devices, has been active since March 2018.
 
“The new Muhstik variant scans Tomato routers on TCP port 8080 and bypasses the admin web authentication by default credentials bruteforcing,” researchers wrote in their report. The default in this case being “admin:admin” and “root:admin.” “We captured the Tomato router web authentication brute-forcing traffic,” wrote Palo Alto researchers who co-authored the blog Cong Zheng, Yang Ji and Asher Davila.