Security News > 2022 > May > EnemyBot malware adds exploits for critical bugs in VMware, F5 BIG-IP
EnemyBot, a botnet based on code from multiple malware pieces, is expanding its reach by quickly adding exploits for recently disclosed critical vulnerabilities in web servers, content management systems, IoT, and Android devices.
Its main purpose is launching distributed denial-of-service attacks and the malware also has modules to scan for new target devices and infect them.
A new report from AT&T Alien Labs notes that the latest variants of EnemyBot incorporate exploits for 24 vulnerabilities.
Keksec, the group behind EnemyBot, is actively developing the malware and has other malicious projets under its belt: Tsunami, Gafgyt, DarkHTTP, DarkIRC, and Necro.
This appears to be an experienced malware author who shows special care for the newest project, adding new vulnerabilities exploits as soon as they emerge, often before system admins have the chance to apply fixes.
To make matters worse, AT&T reports that someone, likely closely affiliated to Keksec, has released the EnemyBot source code, making it available for any adversary.
News URL
Related news
- Critical Ivanti RCE flaw with public exploit now used in attacks (source)
- Qualcomm Urges OEMs to Patch Critical DSP and WLAN Flaws Amid Active Exploits (source)
- Exploit code for critical GitLab auth bypass flaw released (CVE-2024-45409) (source)
- Akira and Fog ransomware now exploit critical Veeam RCE flaw (source)
- CISA Warns of Threat Actors Exploiting F5 BIG-IP Cookies for Network Reconnaissance (source)
- CISA: Hackers abuse F5 BIG-IP cookies to map internal servers (source)
- North Korean ScarCruft Exploits Windows Zero-Day to Spread RokRAT Malware (source)
- macOS HM Surf vuln might already be under exploit by major malware family (source)
- VMware Releases vCenter Server Update to Fix Critical RCE Vulnerability (source)
- VMware fixes critical vCenter Server RCE bug – again! (CVE-2024-38812) (source)