Security News > 2022 > May > EnemyBot Linux Botnet Now Exploits Web Server, Android and CMS Vulnerabilities
A nascent Linux-based botnet named Enemybot has expanded its capabilities to include recently disclosed security vulnerabilities in its arsenal to target web servers, Android devices, and content management systems.
"The malware is rapidly adopting one-day vulnerabilities as part of its exploitation capabilities," AT&T Alien Labs said in a technical write-up published last week.
"In case an Android device is connected through USB, or Android emulator running on the machine, EnemyBot will try to infect it by executing [a] shell command," the researchers said, pointing to a new "Adb infect" function.
ADB refers to Android Debug Bridge, a command-line utility used to communicate with an Android device.
Besides the Log4Shell vulnerabilities that came to light in December 2021, this includes recently patched flaws in Razer Sila routers, VMware Workspace ONE Access, and F5 BIG-IP as well as weaknesses in WordPress plugins like Video Synchro PDF. Other weaponized security shortcomings are below -.
CVE-2021-4039 - A command injection vulnerability in the web interface of the Zyxel.
News URL
https://thehackernews.com/2022/05/enemybot-linux-botnet-now-exploits-web.html
Related news
- Hackers exploit Cityworks RCE bug to breach Microsoft IIS servers (source)
- XE Hacker Group Exploits VeraCore Zero-Day to Deploy Persistent Web Shells (source)
- DragonRank Exploits IIS Servers with BadIIS Malware for SEO Fraud and Gambling Redirects (source)
- FINALDRAFT Malware Exploits Microsoft Graph API for Espionage on Windows and Linux (source)
- PoC exploit for Ivanti Endpoint Manager vulnerabilities released (CVE-2024-13159) (source)
- PolarEdge Botnet Exploits Cisco and Other Flaws to Hijack ASUS, QNAP, and Synology Devices (source)
- Vo1d malware botnet grows to 1.6 million Android TVs worldwide (source)
- Week in review: Botnet hits M365 accounts, PoC for Ivanti Endpoint Manager vulnerabilities released (source)
- Vo1d Botnet's Peak Surpasses 1.59M Infected Android TVs, Spanning 226 Countries (source)
- Google's March 2025 Android Security Update Fixes Two Actively Exploited Vulnerabilities (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-03-01 | CVE-2021-4039 | OS Command Injection vulnerability in Zyxel Nwa1100-Nh Firmware A command injection vulnerability in the web interface of the Zyxel NWA-1100-NH firmware could allow an attacker to execute arbitrary OS commands on the device. | 9.8 |