Security News > 2022 > May > EnemyBot malware adds exploits for critical bugs in VMware, F5 BIG-IP
EnemyBot, a botnet based on code from multiple malware pieces, is expanding its reach by quickly adding exploits for recently disclosed critical vulnerabilities in web servers, content management systems, IoT, and Android devices.
Its main purpose is launching distributed denial-of-service attacks and the malware also has modules to scan for new target devices and infect them.
A new report from AT&T Alien Labs notes that the latest variants of EnemyBot incorporate exploits for 24 vulnerabilities.
Keksec, the group behind EnemyBot, is actively developing the malware and has other malicious projets under its belt: Tsunami, Gafgyt, DarkHTTP, DarkIRC, and Necro.
This appears to be an experienced malware author who shows special care for the newest project, adding new vulnerabilities exploits as soon as they emerge, often before system admins have the chance to apply fixes.
To make matters worse, AT&T reports that someone, likely closely affiliated to Keksec, has released the EnemyBot source code, making it available for any adversary.
News URL
Related news
- New Malware Technique Could Exploit Windows UI Framework to Evade EDR Tools (source)
- New IOCONTROL malware used in critical infrastructure attacks (source)
- New Glutton Malware Exploits Popular PHP Frameworks Like Laravel and ThinkPHP (source)
- Hackers Exploit Webview2 to Deploy CoinLurker Malware and Evade Security Detection (source)
- Attackers Exploit Microsoft Teams and AnyDesk to Deploy DarkGate Malware (source)
- Critical security hole in Apache Struts under exploit (source)
- Fortinet Warns of Critical FortiWLM Flaw That Could Lead to Admin Access Exploits (source)
- Adobe warns of critical ColdFusion bug with PoC exploit code (source)
- Malware botnets exploit outdated D-Link routers in recent attacks (source)
- Fake LDAPNightmware exploit on GitHub spreads infostealer malware (source)