EnemyBot malware adds enterprise flaws to exploit arsenal (Security News, June 2022)
The botnet malware EnemyBot has added exploits to its arsenal that allow it to infect enterprise-grade gear and spread from it.
"The threat group behind EnemyBot, Keksec, is well-resourced and has the ability to update and add new capabilities to its arsenal of malware on a daily basis," Ofer Caspi, a security researcher with Alien Labs, wrote in a blog post this month.
"Most of EnemyBot's functionality relates to the malware's spreading capabilities, as well as its ability to scan public-facing assets and look for vulnerable devices. However, the malware also has DDoS capabilities and can receive commands to download and execute new code from its operators that give the malware more functionality."
The owner of the EnemyBot code repository on GitHub describes themselves as a "Full time malware dev" who can be tapped up by others for contract work, according to Alien Labs.
The repo includes a Python script that fetches dependencies and compiles the malware for various processor architectures, such as x86, Arm, PowerPC, and MIPS, and for operating systems including Linux, FreeBSD, and macOS. Once the binaries are compiled, the script also produces a downloader that, when run on a compromised device, fetches and runs the built EnemyBot executables.
The idea would be: build the malware, generate a downloader that fetches the malware once on a compromised machine, get the bot onto a few victims' devices, and let it rip, scanning the internet for more systems to automatically infect and run itself on.
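The build-then-download flow described above leaves a footprint a defender can look for: a single internal host pulling several architecture-tagged binaries from the same server within seconds. The following is an added detection example (not code from the article, from Alien Labs, or from the EnemyBot repository) that runs that heuristic over a few constructed proxy log lines. The log format, the list of architecture tags, the hostnames and the IP addresses are all assumptions made for the example.

```python
"""Flag clients that fetch multi-architecture binaries in a short burst.

Added example for this article, not the project's or the article's own code.
Input is a constructed egress-proxy log: "<ISO timestamp> <client IP> <method> <URL>".
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import urlparse

# Architecture tags as they commonly appear in multi-arch build names.
# Assumption for this example; longer tags come first so "x86_64" wins over "x86".
ARCH_TAGS = ["x86_64", "powerpc", "aarch64", "mipsel", "i686", "arm7",
             "mips", "ppc", "arm", "x86", "sh4", "m68k", "sparc"]
ARCH_RE = re.compile(r"[._-](" + "|".join(ARCH_TAGS) + r")(?=[._-]|$)", re.IGNORECASE)

# Constructed log format (assumption): timestamp, client IP, method, URL.
LOG_RE = re.compile(r"^(\S+) (\S+) (GET|POST) (\S+)$")

# Constructed sample log lines; IPs are from documentation ranges / private space.
LOG_LINES = """\
2022-06-01T10:15:01 10.0.0.7 GET http://203.0.113.5/bins/bot.x86
2022-06-01T10:15:02 10.0.0.7 GET http://203.0.113.5/bins/bot.arm7
2022-06-01T10:15:02 10.0.0.7 GET http://203.0.113.5/bins/bot.mips
2022-06-01T10:15:03 10.0.0.7 GET http://203.0.113.5/bins/bot.ppc
2022-06-01T10:15:04 10.0.0.7 GET http://203.0.113.5/bins/bot.mipsel
2022-06-01T10:20:00 10.0.0.9 GET http://mirror.example.net/node-v18-linux-x64.tar.gz
2022-06-01T10:21:00 10.0.0.9 GET http://mirror.example.net/index.html
2022-06-01T11:00:00 10.0.0.12 GET http://updates.example.com/fw/router.arm
2022-06-01T11:30:00 10.0.0.12 GET http://updates.example.com/fw/router.mips
""".splitlines()


def parse_line(line):
    """Return (timestamp, client, server, arch_tag) for a fetch of an
    architecture-tagged file, or None for any other line."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%S")
    client, url = m.group(2), m.group(4)
    parsed = urlparse(url)
    filename = parsed.path.rsplit("/", 1)[-1]
    arch = ARCH_RE.search(filename)
    if not arch:
        return None
    return ts, client, parsed.netloc, arch.group(1).lower()


def find_multi_arch_fetchers(lines, window=timedelta(seconds=60), min_archs=3):
    """Group fetches by (client, server) and flag pairs where the client pulls
    at least `min_archs` distinct architecture builds within `window`.
    Returns {(client, server): sorted list of arch tags in the first hit window}."""
    events = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec:
            ts, client, server, arch = rec
            events[(client, server)].append((ts, arch))

    flagged = {}
    for key, fetches in events.items():
        fetches.sort()  # chronological order so the sliding window is valid
        for i, (start, _) in enumerate(fetches):
            archs = {a for ts, a in fetches[i:] if ts - start <= window}
            if len(archs) >= min_archs:
                flagged[key] = sorted(archs)
                break
    return flagged


if __name__ == "__main__":
    for (client, server), archs in find_multi_arch_fetchers(LOG_LINES).items():
        print(f"{client} pulled {len(archs)} arch builds from {server}: {', '.join(archs)}")
```

Run on the constructed lines, only `10.0.0.7` is flagged: it pulls five different builds from one server in four seconds, which is what a dropper that does not know its host's CPU looks like. The legitimate package download and the router-firmware host fetching two images half an hour apart stay below the threshold; both the window and the minimum count are tunable to the traffic of a given network.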
News URL: https://go.theregister.com/feed/www.theregister.com/2022/06/01/enemybot-botnet-exploits/
Related news
- VEILDrive Attack Exploits Microsoft Services to Evade Detection and Distribute Malware
- SteelFox and Rhadamanthys Malware Use Copyright Scams, Driver Exploits to Target Victims
- Cybercriminals Use Excel Exploit to Spread Fileless Remcos RAT Malware
- Russian Hackers Exploit New NTLM Flaw to Deploy RAT Malware via Phishing Emails
- Botnet exploits GeoVision zero-day to install Mirai malware
- APT-C-60 Hackers Exploit StatCounter and Bitbucket in SpyGlace Malware Campaign
- Cybercriminals Exploit Popular Game Engine Godot to Distribute Cross-Platform Malware
- BootKitty UEFI malware exploits LogoFAIL to infect Linux systems
- New Malware Technique Could Exploit Windows UI Framework to Evade EDR Tools
- New Glutton Malware Exploits Popular PHP Frameworks Like Laravel and ThinkPHP