A botnet called DarkIRC is exploiting a severe remote execution vulnerability in Oracle WebLogic. The malware used to create the botnet is being offered for sale on a darknet hacking forum. About 850 unpatched servers in China and another 600 in the U.S. remain vulnerable to the vulnerability, Juniper Threat Labs says. The botnet can also act as a bitcoin clipper, changing a copied bitcoin wallet address to the malware operators wallet address, the report notes.”]
Source: https://www.cuinfosecurity.com/darkirc-botnet-exploiting-oracle-weblogic-vulnerability-a-15497