Muhstik botnet exploits a critical Apache RocketMQ flaw (CVE-2023-33246) for remote code execution, targeting Linux servers and IoT devices for DDoS attacks and cryptocurrency mining.
Infection involves executing a shell script from a remote IP, downloading the Muhstik malware binary ("pty3"), and ensuring persistence by copying to multiple directories and editing system files.



Source: TheHackerNews
Source Link: https://thehackernews.com/2024/06/muhstik-botnet-exploiting-apache.html