The Cyber Security News

EnemyBot Linux Botnet Now Exploits Web Server, Android and CMS Vulnerabilities

May 30, 2022

A nascent Linux-based botnet named Enemybot has expanded its capabilities to include recently disclosed security vulnerabilities in its arsenal to target web servers, Android devices, and content management systems (CMS).

“The malware is quickly adopting one-day vulnerabilities as part of its exploitation capabilities,” AT&T Alien Labs said in a technical write-up published last week. “Solutions such as VMware Workspace One, Adobe ColdFusion, WordPress, PHP Scriptcase and more are being targeted as well as IoT and Android devices.”

First disclosed by Securonix in March and later by Fortinet, Enemybot has been linked to a threat actor tracked as Keksec (aka Kek Security, Necro, and FreakOut), with early attacks targeting routers from Seowon Intech, D-Link, and iRZ.


Enemybot, which is capable of carrying out DDoS attacks, draws its origins from several other botnets like Mirai, Qbot, Zbot, Gafgyt, and LolFMe. An analysis of the latest variant reveals that it is made up of four different components:

  • A Python module to download dependencies and compile the malware for different OS architectures
  • The core botnet section
  • An obfuscation segment designed to encode and decode the malware’s strings, and
  • A command-and-control functionality to receive attack commands and fetch additional payloads

Also included is a new scanner function that is engineered to search random IP addresses associated with public-facing assets for potential vulnerabilities, while also taking into account new bugs within days of them being publicly disclosed.

“In case an Android device is connected through USB, or Android emulator running on the machine, EnemyBot will try to infect it by executing [a] shell command,” the researchers said, pointing to a new “adb_infect” function. ADB refers to Android Debug Bridge, a command-line utility used to communicate with an Android device.
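The exposure condition described above can be audited on a Linux host by checking which ADB targets the local `adb` client is already authorized to run shell commands on. The following is an added example, not code from the article or from the researchers' report; the function names and the sample output are constructed for illustration.

```python
import shutil
import subprocess

# Constructed sample of `adb devices` output (serials are made up).
SAMPLE = """List of devices attached
emulator-5554\tdevice
R58M12ABCDE\tunauthorized
192.168.56.101:5555\toffline
0123456789ABCDEF\tdevice
"""

def parse_adb_devices(output):
    """Parse `adb devices` output into (serial, state, kind) tuples."""
    targets = []
    for line in output.splitlines():
        line = line.strip()
        # Skip the header line and adb daemon chatter ("* daemon started ...").
        if not line or line.startswith("List of devices") or line.startswith("*"):
            continue
        parts = line.split(None, 1)
        if len(parts) < 2:
            continue
        serial, state = parts[0], parts[1].strip()
        if serial.startswith("emulator-"):
            kind = "emulator"   # local Android emulator instance
        elif ":" in serial:
            kind = "network"    # host:port target added with `adb connect`
        else:
            kind = "usb"        # physically attached device
        targets.append((serial, state, kind))
    return targets

def exposed_targets(output):
    """Keep only targets in state 'device': the host can run shell commands on them."""
    return [t for t in parse_adb_devices(output) if t[1] == "device"]

def audit_host():
    """Run the real `adb devices` if adb is installed (this starts the adb server if needed)."""
    adb = shutil.which("adb")
    if adb is None:
        return []
    result = subprocess.run([adb, "devices"], capture_output=True, text=True, timeout=10)
    return exposed_targets(result.stdout)

if __name__ == "__main__":
    for serial, state, kind in exposed_targets(SAMPLE):
        print(f"authorized ADB target: {serial} ({kind})")
```

On servers and build hosts that have no reason to manage Android devices, any entry returned by `audit_host()` is worth investigating, and removing `adb` or revoking USB debugging authorizations closes this path.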

In addition to the Log4Shell vulnerabilities that came to light in December 2021, this includes recently patched flaws in Razer Sila routers (no CVE), VMware Workspace One Access (CVE-2022-22954), and F5 BIG-IP (CVE-2022-1388) as well as weaknesses in WordPress plugins like Video Synchro PDF.

Other weaponized security shortcomings are below:

  • CVE-2022-22947 (CVSS score: 10.0) – A code injection vulnerability in Spring Cloud Gateway
  • CVE-2021-4039 (CVSS score: 9.8) – A command injection vulnerability in the web interface of the Zyxel
  • CVE-2022-25075 (CVSS score: 9.8) – A command injection vulnerability in TOTOLink A3000RU wireless router
  • CVE-2021-36356 (CVSS score: 9.8) – A remote code execution vulnerability in KRAMER VIAware
  • CVE-2021-35064 (CVSS score: 9.8) – A privilege escalation and command execution vulnerability in Kramer VIAWare
  • CVE-2020-7961 (CVSS score: 9.8) – A remote code execution vulnerability in Liferay Portal


What’s more, the botnet’s source code has been shared on GitHub, making it widely available to other threat actors. “I assume no responsibility for any damages caused by this program,” the project’s README file reads. “This is posted under Apache license and is also considered art.”

“Keksec’s Enemybot appears to be just starting to spread, however due to the authors’ rapid updates, this botnet has the potential to become a major threat for IoT devices and web servers,” the researchers said.

“This indicates that the Keksec group is well resourced and that the group has developed the malware to take advantage of vulnerabilities before they are patched, thus increasing the speed and scale at which it can spread.”


Some parts of this article are sourced from:
thehackernews.com
