You're in Trouble if You Have a Tomato Router

Tomato Router

Researchers from Unit 42, the threat intelligence arm of Palo Alto Networks, have discovered a new variant of the Muhstik botnet that adds a scanner to attack Tomato routers for the first time by web authentication brute forcing.

Purchase a reliable and secured router here.

Unit 42’s investigation showed there are more than 4,600 Tomato routers exposed on the internet that could potentially be vulnerable.

Tomato is an open source alternative firmware for routers. Thanks to its stable, Linux-based, non-proprietary firmware, with VPN passthrough capability and advanced quality of service (QoS) control, Tomato firmware is commonly installed by multiple router vendors and also installed manually by end users. According to Unit 42’s investigation on Shodan, there are more than 4,600 Tomato routers exposed on the Internet.

The Muhstik botnet has been alive since March 2018, with a wormlike self-propagating capability to infect Linux servers and IoT devices. Muhstik uses multiple vulnerability exploits to infect Linux services, such as Weblogic, WordPress and Drupal. It also compromises IoT routers, such as the GPON home router and DD-WRT router. This new variant expands the botnet by infecting Tomato routers.

We have not found further malicious activities in Tomato routers after the Muhstik botnet harvests vulnerable routers, but from our understanding of the Muhstik botnet, Muhstik mainly launches cryptocurrency mining and DDoS attacks in IoT bots to earn profit. We will keep monitoring its Command and Control (C2) IRC channel.

New Scanner for Tomato Routers

The new Muhstik variant scans Tomato routers on TCP port 8080 and bypasses the admin web authentication by default credentials bruteforcing. In Tomato routers, the default credentials are “admin:admin” and “root:admin”. We captured the Tomato router web authentication brute forcing traffic.

To estimate the infected volume, we searched for fingerprints of Tomato routers in Shodan. As noted in Figure 2, there are about 4,600 potential victims on the Internet in total. This total is derived by including the number of TomatoUSB devices, which is used as a NAS server by combining the Tomato router and a USB drive.

Share via

You’re in Trouble if You Have a Tomato Router

New Scanner for Tomato Routers

Posted by News Team

You’re in Trouble if You Have a Tomato Router

You may also like

10 Best Budget Soundbars in the Philippines 2023

Why Filipino Engineers Must Have Two Credit Cards

Practice, Practice, Practice: The Secret to Efficient Engineering Problem Solving

I Flunked My Engineer Licensure Exam But It’s Not That Bad

What to Do If You Failed the Engineering Board Exam

Top 15 Most In-Demand Engineering Jobs with Salary Report

Extra Business Costs You Probably Aren’t Prepared For

How Law Firms Can Improve Efficiency and Productivity with Case Management Software

Keeping Maritime Workers Safe: A Multifaceted Approach

Raptor 18S | Automatic Stabilization and Closing

Innovation and Development Trends of Electronic Components in Engineering Applications

Top 10 Best Civil Engineering Review Centers in the Philippines

15 Best Air Coolers in the Philippines 2023

13 Cheapest Split-Type Inverter Aircon in the Philippines 2023

Best Coffee Makers in the Philippines 2023 (Pros and Cons)

14 Cheapest Aircon in the Philippines 2022 | Top AC Brands