EnemyBot Takes Aim at CMS Servers and Mobile Devices
Researchers with AT&T Alien Labs have picked apart a new botnet called EnemyBot. The malware is allegedly developed and used by the threat actor that goes by the name Keksec, also known as Kek Security and Freakout.
According to the new research, the botnet is being rapidly upgraded and expanded with new functionality. EnemyBot is now aiming to infest a wide range of devices and systems, including Internet of Things units, content management system servers and mobile devices running Android.
Part of EnemyBot's expansion and newly added capabilities include exploiting a number of newly discovered vulnerabilities. EnemyBot itself is a bit of a Frankenstein monster, sourcing chunks of its code and functionality from a number of other infamous botnets, such as Mirai and Qbot. To make matters worse, the latest versions of EnemyBot's source code have been put up on GitHub and are available to any threat actor who wants to give it a try.
Keksec, the threat actor behind EnemyBot, has rich former experience with operating botnet malware. Keksec is believed to have previously developed botnet malware that targeted both Linux and Windows systems, as well as a Python-based dual-system botnet.
Among the new capabilities of the malware is the exploitation of the infamous Log4j vulnerability and a handful of other security flaws discovered over the last couple of months.