New EnemyBot DDoS botnet recruits routers and IoTs into its army
A new Mirai-based botnet malware named Enemybot has been observed growing its army of infected devices through vulnerabilities in modems, routers, and IoT devices. The threat actor operating it is known as Keksec.
This threat group specializes in crypto-mining and DDoS, both supported by botnet malware that can nest in IoT devices and hijack their computational resources.
CVE-2022-25075 to 25084: A set of flaws affecting TOTOLINK routers.
The same set is also exploited by the Beastmode botnet.
To prevent Enemybot or any other botnet from infecting your devices and recruiting them to malicious DDoS botnets, always apply the latest available software and firmware updates for your product.
If your router becomes unresponsive, internet speeds drop, and the device is heating up more than usual, you may be dealing with a botnet malware infection.
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-02-24 | CVE-2022-25075 | OS Command Injection vulnerability in Totolink A3000Ru Firmware V5.9C.2280B20180512 TOTOLink A3000RU V5.9c.2280_B20180512 was discovered to contain a command injection vulnerability in the "Main" function. | 9.8 |