The Moobot botnet is one of the recently emerged botnets online. According to malware analysts, the Moobot botnet first appeared in March 2020. At first, the operators of the Moobot botnet seemed only to target DVR devices. However, later on, the cybercriminals behind the Moobot botnet expanded this project by going after fiber routers that are vulnerable due to a zero-day exploit.
Furthermore, the vulnerability is a PoC (Proof-of-Concept) exploit, which has been released online. Despite this, the vendors of the fiber routers in question have been aware of the exploit for a while now but have failed to patch the vulnerability. This means that users of these fiber routers may be vulnerable to the Moobot botnet hijacking their device. As soon as the operators of the Moobot botnet spot a vulnerable device online, they will be able to hijack and add it to their threatening project. For now, the Moobot botnet is not very large. However, its operators are making sure that this project continues expanding, at a rather rapid pace at that. This is done by scanning the Web for vulnerable HTTP, ADB, TELNET and DVRIP ports. The attackers have made sure to fully automate the whole process to save time and effort. This means that as soon as a vulnerable port is detected, the Moobot botnet will hijack the targeted device by injecting its harmful payload in it.
So far, the operators of the Moobot botnet have not utilized this botnet. However, the creators of the Moobot botnet may be trying to compromise more systems and expand their project before they begin launching attacks. Most botnets are used for launching DDoS (Distributed-Denial-of-Service) attacks. It is likely that the creators do the Moobot botnet have this in mind, exactly, considering that this project appears to be based on the notorious Mirai Botnet.
If you want to protect your IoT (Internet-of-Things) devices, make sure you apply the latest software updates to them and do not forget to set up secure passwords to protect them from intruders.