Do Son 
Image Credit: Juniper Threat Labs
Zscaler’s ThreatLabz research team detected a formidable adversary: DreamBus. A Linux-based malware family, DreamBus has been quietly evolving, honing its capabilities to exploit vulnerabilities in business applications.
DreamBus, initially identified in early 2019, has demonstrated a worm-like ability to spread across both internet and internal networks. It’s known for leveraging a combination of implicit trust, application-specific exploits, and weak passwords to infiltrate systems, particularly focusing on databases, cloud applications, and IT administration tools.
The primary goal of Linux-based DreamBus malware is the monetization of infected systems through Monero cryptocurrency mining, using XMRig. This reflects a growing trend among cybercriminals to harness the computational resources of compromised systems for financial gain.
In a bid to remain elusive, DreamBus has introduced changes to its code, particularly in mid-2023. These updates are aimed at further evading detection and demonstrating the malware’s adaptive nature.
Notably, DreamBus has developed two new exploit modules targeting recent vulnerabilities in Metabase (CVE-2023-38646) and Apache RocketMQ (CVE-2023-33246). This shift indicates a strategic adaptation to target emerging weaknesses in popular business platforms.
DreamBus’s capability to target a range of applications, including PostgreSQL, HashiCorp Consul, Hadoop YARN, Redis, and SSH, poses a significant threat to organizations worldwide. Its preference for PostgreSQL indicates a strategic focus on data-rich environments.
DreamBus’s evolution underscores the need for robust cybersecurity measures. Organizations must prioritize securing applications, enforcing strong passwords, multi-factor authentication, and deploying network and endpoint monitoring systems to detect potential compromises.
Support Our Threat Intelligence
If you find our CVE report and cybersecurity news helpful, consider supporting our work.
Buy Me a Coffee
PayPal
