Security News > 2022 > April > New EnemyBot DDoS Botnet Borrows Exploit Code from Mirai and Gafgyt
A threat group that pursues crypto mining and distributed denial-of-service attacks has been linked to a new botnet called Enemybot, which has been discovered enslaving routers and Internet of Things devices since last month.
"This botnet is mainly derived from Gafgyt's source code but has been observed to borrow several modules from Mirai's original source code," Fortinet FortiGuard Labs said in a report this week.
The botnet has been attributed to an actor named Keksec, which has been linked to multiple botnets such as Simps, Ryuk, and Samael, and has a history of targeting cloud infrastructure to carry out crypto mining and DDoS operations.
Enemybot, like the other botnet malware, is the result of combining and modifying the source code of Mirai and Gafgyt, with the latest version using the former's scanner and bot killer modules that are used to scan and terminate competitor processes running on the same devices.
Some of the n-day vulnerabilities used by the botnet to infect more devices are as follows -.
The disclosure comes as researchers from Qihoo 360's Network Security Research Lab detailed a rapidly spreading DDoS botnet called Fodcha that has ensnared more than 10,000 daily active bots, cumulatively infecting over 62,000 unique bots from March 29 to April 10, 2022.
News URL
https://thehackernews.com/2022/04/new-enemybot-ddos-botnet-borrows.html
Related news
- New Eleven11bot botnet infects 86,000 devices for DDoS attacks (source)
- Ballista Botnet Exploits Unpatched TP-Link Vulnerability, Targets Over 6,000 Devices (source)
- Unpatched Edimax Camera Flaw Exploited for Mirai Botnet Attacks Since Last Year (source)
- New Mirai botnet behind surge in TVT DVR exploitation (source)