A new variant of the BASHLITE malware exploiting the ShellShock vulnerability was used by cyber criminals to infect devices that use BusyBox software. Trend Micro invites administrators to change the default settings for their network devices and disable remote shell, if possible, to avoid its exploitation. The attack scenario is very simple, the malicious code first scans the network searching for the application and attempts to access them by using a set of credentials from a predefined dictionary. Once a connection is established, it runs the command to download and run bin.sh and bin2.sh scripts, gaining control over the Busybox system.”]
Source: https://securityaffairs.co/wordpress/30225/cyber-crime/bashlite-exploits-shellshock.html