Security News > 2022 > April > New EnemyBot DDoS botnet recruits routers and IoTs into its army
A new Mirai-based botnet malware named Enemybot has been observed growing its army of infected devices through vulnerabilities in modems, routers, and IoT devices, with the threat actor operating it known as Keksec.
The particular threat group specializes in crypto-mining and DDoS; both supported by botnet malware that can nest in IoT devices and hijack their computational resources.
CVE-2022-25075 to 25084: Set of flaws targeting TOTOLINK routers.
The same set is also exploited by the Beastmode botnet.
To prevent Enemybot or any other botnet from infecting your devices and recruiting them to malicious DDoS botnets, always apply the latest available software and firmware updates for your product.
If your router becomes unresponsive, internet speeds drop, and is heating up more than usual, you may be dealing with a botnet malware infection.
News URL
Related news
- Matrix Botnet Exploits IoT Devices in Widespread DDoS Botnet Campaign (source)
- Microsoft Warns of Chinese Botnet Exploiting Router Flaws for Credential Theft (source)
- IoT Devices in Password-Spraying Botnet (source)
- AndroxGh0st Malware Integrates Mozi Botnet to Target IoT and Cloud Services (source)
- Ngioweb Botnet Fuels NSOCKS Residential Proxy Network Exploiting IoT Devices (source)
- Juniper warns of Mirai botnet targeting Session Smart routers (source)
- Juniper warns of Mirai botnet scanning for Session Smart routers (source)
- New botnet exploits vulnerabilities in NVRs, TP-Link routers (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-02-24 | CVE-2022-25075 | OS Command Injection vulnerability in Totolink A3000Ru Firmware V5.9C.2280B20180512 TOTOLink A3000RU V5.9c.2280_B20180512 was discovered to contain a command injection vulnerability in the "Main" function. | 9.8 |