Hackers are using device monitoring software Cacti to install malware

Cyberattack
(Image credit: Pixabay)

Hackers are utilizing a known vulnerability in device monitoring tool Cacti to install all sorts of malware on vulnerable endpoints, researchers have claimed. 

Cybersecurity researchers from The Shadowserver Foundation spotted multiple attempts at delivering various malware via the critical command injection vulnerability, tracked as CVE-2022-46169. 

By abusing the flaw, which has a severity rating of 9.8 (critical), threat actors were observed deploying Mirai malware, as well as IRC botnet. Some threat actors were seen simply checking for the vulnerability, possibly in preparation for future attacks. 

Thousands of unpatched instances

Mirai is a malware that mostly targets smart home devices running Linux, such as IP cameras and home routers, and assimilates them into the Mirai botnet. The botnet can later be used for Distributed Denial of Service (DDoS) attacks, which can disrupt operations and shut websites down.

The IRC botnet was seen opening a reverse shell on the host and having it scan the endpoint’s ports.

In total, roughly 10 exploitation attempts were seen in the last week. 

A Censys report claims there are more than 6,000 unpatched Cacti instances reachable over the internet, while adding that more than 1,600 are unpatched and thus vulnerable.

“Censys has observed 6,427 hosts on the internet running a version of Cacti. Unfortunately, we can only see the exact running software version when a specific theme (sunrise) is enabled on the web application,” Censys said. That being said, 1,637 hosts were found reachable over the web and vulnerable to CVE-2022-46169, the majority (465) running version 1.1.38, released more than a year ago, it added.

Furthermore, Censys has only observed 26 instances running an updated version that wasn’t vulnerable.

As usual, the best way to protect your devices against such attacks is to make sure all software is running the latest version. 

Via: BleepingComputer

TOPICS

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Read more
Insecure network with several red platforms connected through glowing data lines and a black hat hacker symbol
TP-Link and NR routers targeted by worrying new botnet
Insecure network with several red platforms connected through glowing data lines and a black hat hacker symbol
Industrial routers are being hit by zero-days from new Mirai botnets
Insecure network with several red platforms connected through glowing data lines and a black hat hacker symbol
Dangerous new botnet targets webcams, routers across the world
Abstract image of robots working in an office environment including creating blueprint of robot arm, making a phone call, and typing on a keyboard
This worrying botnet targets unsecure TP-Link routers - thousands of devices already hacked
DDoS Attack
Watch out, your office phone could be hijacked into a Mirai botnet
botnet
Another top security camera maker is seeing devices hijacked into botnet
Latest in Security
A stylized depiction of a padlocked WiFi symbol sitting in the centre of an interlocking vault.
Broadcom warns of worrying security flaws affecting VMware tools
Android Logo
Devious new Android malware uses a Microsoft tool to avoid being spotted
URL phishing
HaveIBeenPwned owner suffers phishing attack that stole his Mailchimp mailing list
Ransomware
Cl0p resurgence drives ransomware attacks to new highs in 2025
Google Chrome
Google Chrome security flaw could have let hackers spy on all your online habits
cybersecurity
Chinese government hackers allegedly spent years undetected in foreign phone networks
Latest in News
A young woman is working on a laptop in a relaxed office space.
I’ll admit, Microsoft’s new Windows 11 update surprised me with its usefulness, providing accessibility fixes, a gamepad keyboard layout, and PC spec cards
inZOI promotional material.
inZOI has become the most wishlisted game on Steam, but I wouldn't get too caught up in the hype
Xbox Series X and Xbox wireless controller set to a green background
Xbox Insiders are currently testing a new Game Hub feature that looks useful, but I've got mixed feelings about it
A stylized depiction of a padlocked WiFi symbol sitting in the centre of an interlocking vault.
Broadcom warns of worrying security flaws affecting VMware tools
Nespresso Vertuo Pop machine in Candy Pink with coffee drinks and capsules
My favorite Nespresso coffee maker just got a fresh new makeover, and now I love it even more
Microsoft Surface Laptop and Surface Pro devices on a table.
Hate Windows 11’s search? Microsoft is fixing it with AI, and that almost makes me want to buy a Copilot+ PC