
Seems a new malware infection has been detected called 'Operation Prowli Malware' and around 40,000 machines are infected.

Still no CVE data updated on CVE site regarding the relevant vulnerability.

Does anyone know the impact and mitigation mechanism of this malware?

forest
Sayan

1 Answer


According to this article, the botnet uses known vulnerabilities against a variety of applications:

The financially motivated attackers appeared to be targeting indiscriminately and went after domains that exposed a wide range of services to the internet. “Prowli exploits known vulnerabilities across WordPress, Joomla!, SMB, and even some DSL modems, so automated patching, along with continuous assessment and remediation, is critical to avoid these types of attacks," said Brajesh Goyal, CP of engineering, Cavirin.

This explains why there is no specific CVE for this malware, since it does not use any one vulnerability and is not bundled with its own novel exploits. The best mitigation is outlined above. Automated patching will reduce the chance that this malware will infect your applications.

The malware additionally exploits insecure configurations and SSH keys, so ensuring your system is adequately hardened and uses a proper password (or public key authentication) is also vital.

forest
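The answer's second mitigation, hardening SSH so that logins use public keys rather than weak or empty passwords, is something a defender can check mechanically. The following is an added example, not code from the original answer: a small POSIX shell audit of an sshd_config file for the directives most relevant to that advice. The directive names and their OpenSSH defaults (PasswordAuthentication, PermitRootLogin, PermitEmptyPasswords, PubkeyAuthentication) are real; the two sample config files it creates are constructed for illustration, and the audit only evaluates the global section, not Match blocks.

```shell
#!/bin/sh
# Added example, not code from the original answer: audit an sshd_config for
# the settings the answer calls out (password logins, root login, empty
# passwords). Directive names and defaults are real OpenSSH ones; the sample
# config files below are constructed for illustration.
# Limitation: only the global section is evaluated, "Match" blocks are ignored.

# Effective value of a directive: sshd honours the first occurrence and
# ignores later duplicates, so take the first uncommented match, lower-cased;
# fall back to the supplied OpenSSH default when the directive is absent.
sshd_value() {
    # $1 = config file, $2 = directive, $3 = default when unset
    val=$(grep -i "^[[:space:]]*$2[[:space:]]" "$1" | head -n 1 |
          awk '{print $2}' | tr '[:upper:]' '[:lower:]')
    if [ -n "$val" ]; then printf '%s\n' "$val"; else printf '%s\n' "$3"; fi
}

# Print one line per weak setting; return 0 when hardened, 1 otherwise.
audit_sshd_config() {
    cfg=$1
    rc=0
    if [ "$(sshd_value "$cfg" PasswordAuthentication yes)" != no ]; then
        echo "WEAK: PasswordAuthentication is not 'no'; use public-key authentication"
        rc=1
    fi
    if [ "$(sshd_value "$cfg" PermitRootLogin prohibit-password)" = yes ]; then
        echo "WEAK: PermitRootLogin yes allows password logins as root"
        rc=1
    fi
    if [ "$(sshd_value "$cfg" PermitEmptyPasswords no)" = yes ]; then
        echo "WEAK: PermitEmptyPasswords yes accepts accounts with no password"
        rc=1
    fi
    if [ "$(sshd_value "$cfg" PubkeyAuthentication yes)" != yes ]; then
        echo "WEAK: PubkeyAuthentication disabled; key-based login is not possible"
        rc=1
    fi
    return $rc
}

# Constructed sample configs (not taken from any real host): weak and hardened.
WEAK_CFG=$(mktemp)
cat > "$WEAK_CFG" <<'EOF'
# sshd_config - constructed weak example
Port 22
PermitRootLogin yes
PasswordAuthentication yes
PermitEmptyPasswords yes
EOF

HARD_CFG=$(mktemp)
cat > "$HARD_CFG" <<'EOF'
# sshd_config - constructed hardened example
Port 22
PermitRootLogin no
PasswordAuthentication no
PermitEmptyPasswords no
PubkeyAuthentication yes
AuthenticationMethods publickey
EOF

echo "== weak config =="
audit_sshd_config "$WEAK_CFG" || true
echo "== hardened config =="
audit_sshd_config "$HARD_CFG" && echo "OK: no weak settings found"
```

To check a live host, replace the constructed paths with /etc/ssh/sshd_config (or the output of `sshd -T`, which already resolves defaults and Match blocks and so removes the script's main limitation). The audit deliberately reads defaults the same way sshd does: an absent PasswordAuthentication line is reported as weak because OpenSSH defaults it to yes.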