Cybersecurity researchers have released new warnings about the EnemyBot malware, which reportedly borrows code from botnets such as Mirai, Qbot, and Zbot. The rapidly evolving tool functions as IoT malware and targets content management systems (CMS) web servers and Android devices. Security researchers believe that the bot might be the work of a threat actor group known as Keksec. AT&T Alien Labs released a post regarding the bot, stating that is has targeted popular services such as VMware Workspace, Adobe ColdFusion, WordPress, PHP Scriptcase, and more.
AT&T stated that the Keksec group distributes the malware by specifically targeting IoT devices and Linux machines. The EnemyBot is not the only botnet in Keksec’s arsenal, as the group dates back to 2016 and has deployed many similar tools over the years. The Alien Lab research team has reported that there are four main sections of the malware, including the main source code and functionality of the malware as well as a python script used to download dependencies and compile the malware into different architectures. Alien Labs recommends that users deploy a strong and properly configured firewall and reduce Linux and IoT devices’ exposure to the internet.
Read More: EnemyBot Malware Targets Web Servers, CMS Tools and Android OS
