EnemyBot malware adds exploits for critical VMware, F5 BIG-IP flaws

EnemyBot, a botnet based on code from multiple malware pieces, is expanding its reach by quickly adding exploits for recently disclosed critical vulnerabilities in web servers, content management systems, IoT, and Android devices.
The botnet was first discovered in March by researchers at Securonix, and by April, when analysis of newer samples emerged from Fortinet, EnemyBot had already integrated flaws for more than a dozen processor architectures.
Its main purpose is launching distributed denial-of-service attacks, and the malware also has modules to scan for new target devices and infect them.
A new report from AT&T Alien Labs notes that the latest variants of EnemyBot incorporate exploits for 24 vulnerabilities.
Keksec, the group behind EnemyBot, is actively developing the malware and has other malicious projects under its belt: Tsunami, Gafgyt, DarkHTTP, DarkIRC, and Necro.
This appears to be an experienced malware author who shows special care for the newest project, adding exploits for new vulnerabilities as soon as they emerge, often before system admins have the chance to apply fixes.