Technology Tips

June 21, 2022

Enemybot Malware May Go Beyond DDOS Attacks

Written By Securafy Team

Unless you're an IT Security Professional, you may never have heard of EnemyBot.  It is a bit like the Frankenstein of malware threats, a botnet that has borrowed code from multiple different sources.

While that's not terribly original, it does make it dangerous. The hackers behind the code are actively adding new exploits as newly disclosed critical vulnerabilities come to light in content management systems, IoT devices, Android devices, and web servers.

The botnet was first seen in action in March and is currently being tracked by researchers at Securonix.  By April, newer code samples were acquired, and the researchers found that EnemyBot had already integrated capabilities to attack flaws in more than a dozen processor architectures.

The botnet doesn't do anything fancy and it mainly relies on DDoS (distributed denial of service) attacks. The latest version spotted has the capability to scan for new target devices and infect them.

According to AT&T's Alien Labs, the most recent code samples contain several new exploits, including those for:

  • CVE-2022-22954: Critical (CVSS: 9.8) A remote code execution flaw impacting VMware Workspace ONE Access and VMware Identity Manager. PoC (proof of concept) exploit was made available in April 2022.
  • CVE-2022-22947: Another remote code execution flaw in Spring, fixed as zero-day in March 2022, and massively targeted throughout April 2022.
  • And CVE-2022-1388: Critical (CVSS: 9.8) Yet another remote code execution flaw impacting F5 BIG-IP, threatening vulnerable endpoints with device takeover. The first PoCs appeared in the wild in May 2022, and active exploitation began almost immediately.

Enemybot is a genuine threat and proof positive that you don't have to be original or engage in out of the box thinking to engineer a serious piece of malware.  Watch out for this one because the developers behind it are clearly just getting warmed up.

Picture of Securafy Team
About The Author
Our team at Securafy brings you the best tech tips, from how-to guides and troubleshooting advice to software reviews and productivity hacks. We're all about empowering businesses with the tools and knowledge they need to thrive in the digital world. Follow our posts to stay equipped with practical insights that make tech work for you.

Join the Conversation

Subscribe to our newsletter

Sign up for our FREE "Cyber Security Tip of the Week!" and always stay one step ahead of hackers and cyber-attacks.