Key Takeaways
- DreamBus is a modular Linux-based botnet dating back to early 2019 with worm-like behavior that can spread across the internet as well as internal networks.
- DreamBus uses a combination of implicit trust, application-specific exploits, and weak passwords to gain access to systems such as databases, cloud-based applications, and IT administration tools.
- Infected systems are monetized by mining Monero cryptocurrency using XMRig.
- In June 2023, the DreamBus malware author introduced new changes to the code to further evade detection.
- The threat actor developed two new exploit modules that target vulnerabilities in Metabase (CVE-2023-38646) and Apache RocketMQ (CVE-2023-33246).