New security vulnerabilities have been added by Keksec threat group, also known as Kek Security, FreakOut, and Necro, to its Enemybot Linux-based botnet
to attack web servers, content management systems, and Android devices, reports The Hacker News
VMware Workspace ONE, WordPress, Adobe ColdFusion, and PHP Scriptcase, as well as Android and IoT devices have been targeted by the updated version of Enemybot, which AT&T Alien Labs researchers found to have a Python module for dependency downloads and malware compilation for various OS architectures; an obfuscation segment for malware string encoding and decoding; core botnet section; and a command-and-control server.
"Keksec's Enemybot appears to be just starting to spread, however due to the authors' rapid updates, this botnet has the potential to become a major threat for IoT devices and web servers... This indicates that the Keksec group is well resourced and that the group has developed the malware to take advantage of vulnerabilities before they are patched, thus increasing the speed and scale at which it can spread," said researchers.