AT&T Alien Labs has detected a spike in active exploitation attempts on Tenda routers by MooBot, a Mirai variant that has been active since 2019. The latest campaign is targeting Tenda users by exploiting a remote code vulnerability in the router, tracked as CVE-2020-10987. The malicious botnet traffic originated from a single Cyberium malware hosting domain, researchers say. The first request to victims machines from this hosting page was to download a malicious script, which then downloaded a later stage of malware.”]
Source: https://www.cuinfosecurity.com/cyberium-domain-targets-tenda-routers-in-botnet-campaign-a-16892