EnemyBot malware adds enterprise flaws to exploit arsenal
2022-06-01 03:47

The botnet malware EnemyBot has added exploits to its arsenal, allowing it to infect and spread from enterprise-grade gear.

"The threat group behind EnemyBot, Keksec, is well-resourced and has the ability to update and add new capabilities to its arsenal of malware on a daily basis," Ofer Caspi, a security researcher with Alien Labs, wrote in a blog post this month.

"Most of EnemyBot functionality relates to the malware's spreading capabilities, as well as its ability to scan public-facing assets and look for vulnerable devices. However, the malware also has DDoS capabilities and can receive commands to download and execute new code from its operators that give the malware more functionality."

The owner of the EnemyBot code repository on GitHub describes themselves as a "Full time malware dev" who can be tapped up by others for contract work, according to Alien Labs.

The repo includes a Python script file that fetches dependencies and compiles the malware for various processor architectures, such as x86, Arm, PowerPC, and MIPS, and operating systems including Linux, FreeBSD, and macOS. Once compiled, a downloader is created that, when run on a compromised device, fetches and runs built EnemyBot executables.

The idea would be: build the malware, generate a downloader that fetches the malware once on a compromised machine, get the bot onto a few victims' devices, and let it rip, scanning the internet for more systems to automatically infect and run itself on.
News URL

https://go.theregister.com/feed/www.theregister.com/2022/06/01/enemybot-botnet-exploits/