Threat Advisory

Zerobot malware now spreads by exploiting Apache vulnerabilities

Threat: Malware
Criticality: High

Summary:

A new variant of the Zerobot malware, written in Golang, has been updated with new infection mechanisms and has been seen exploiting multiple vulnerabilities in Apache and Apache Spark (CVE-2021-42013 and CVE-2022-33891). Zerobot infects various devices and uses them for distributed denial-of-service attacks. It targets these vulnerabilities to gain initial access to systems and infect them, adding them to its botnet. Zerobot injects a malicious payload called zero.sh, which downloads and executes Zerobot.

Threat Profile:

References:

The following reports contain further technical details:

https://www.bleepingcomputer.com/news/security/zerobot-malware-now-spreads-by-exploiting-apache-vulnerabilities/
