• Latest
  • Trending
EnemyBot malware adds exploits for critical VMware, F5 BIG-IP flaws

EnemyBot malware adds exploits for critical VMware, F5 BIG-IP flaws

May 30, 2022
Absa and Visa Extend Strategic Partnership to Advance Growth and Innovation Across Africa

Absa and Visa Extend Strategic Partnership to Advance Growth and Innovation Across Africa

July 29, 2025
French Telco Orange Hit by Cyber-Attack

French Telco Orange Hit by Cyber-Attack

July 29, 2025
ATC Ghana supports Girls-In-ICT Program

ATC Ghana supports Girls-In-ICT Program

April 25, 2023
Vice President Dr. Bawumia inaugurates  ICT Hub

Vice President Dr. Bawumia inaugurates ICT Hub

April 2, 2023
Co-Creation Hub’s edtech accelerator puts $15M towards African startups

Co-Creation Hub’s edtech accelerator puts $15M towards African startups

February 20, 2023
Data Leak Hits Thousands of NHS Workers

Data Leak Hits Thousands of NHS Workers

February 20, 2023
EU Cybersecurity Agency Warns Against Chinese APTs

EU Cybersecurity Agency Warns Against Chinese APTs

February 20, 2023
How Your Storage System Will Still Be Viable in 5 Years’ Time?

How Your Storage System Will Still Be Viable in 5 Years’ Time?

February 20, 2023
The Broken Promises From Cybersecurity Vendors

Cloud Infrastructure Used By WIP26 For Espionage Attacks on Telcos

February 20, 2023
Instagram and Facebook to get paid-for verification

Instagram and Facebook to get paid-for verification

February 20, 2023
YouTube CEO Susan Wojcicki steps down after nine years

YouTube CEO Susan Wojcicki steps down after nine years

February 20, 2023
Inaugural AfCFTA Conference on Women and Youth in Trade

Inaugural AfCFTA Conference on Women and Youth in Trade

September 6, 2022
  • Consumer Watch
  • Kids Page
  • Directory
  • Events
  • Reviews
Friday, 17 July, 2026
  • Login
itechnewsonline.com
  • Home
  • Tech
  • Africa Tech
  • InfoSEC
  • Data Science
  • Data Storage
  • Business
  • Opinion
Subscription
Advertise
No Result
View All Result
itechnewsonline.com
No Result
View All Result

EnemyBot malware adds exploits for critical VMware, F5 BIG-IP flaws

by ITECHNEWS
May 30, 2022
in Infosec, Leading Stories
0 0
0
EnemyBot malware adds exploits for critical VMware, F5 BIG-IP flaws

EnemyBot, a botnet based on code from multiple malware pieces, is expanding its reach by quickly adding exploits for recently disclosed critical vulnerabilities in web servers, content management systems, IoT, and Android devices.

The botnet was first discovered in March by researchers at Securonix and by April, when analysis of newer samples emerged from Fortinet, EnemyBot had already integrated flaws for more than a dozen processor architectures.

YOU MAY ALSO LIKE

French Telco Orange Hit by Cyber-Attack

ATC Ghana supports Girls-In-ICT Program

Its main purpose is launching distributed denial-of-service (DDoS) attacks and the malware also has modules to scan for new target devices and infect them.

New variant additions

A new report from AT&T Alien Labs notes that the latest variants of EnemyBot incorporate exploits for 24 vulnerabilities. Most of them are critical but there are several that don’t even have a CVE number, which makes it more difficult for defenders to implement protections.

In April, most of the flaws related to routers and IoT devices, with CVE-2022-27226 (iRZ) and CVE-2022-25075 (TOTOLINK) being among the most recent ones and Log4Shell being the most notable.

However, a new variant analyzed by AT&T Alien Labs included exploits for the following security issues:

  • CVE-2022-22954: Critical (CVSS: 9.8) remote code execution flaw impacting VMware Workspace ONE Access and VMware Identity Manager. PoC (proof of concept) exploit was made available in April 2022.
  • CVE-2022-22947: Remote code execution flaw in Spring, fixed as zero-day in March 2022, and massively targeted throughout April 2022.
  • CVE-2022-1388: Critical (CVSS: 9.8) remote code execution flaw impacting F5 BIG-IP, threatening vulnerable endpoints with device takeover. The first PoCs appeared in the wild in May 2022, and active exploitation began almost immediately.
Addition of CVE-2022-22954 in EnemyBot's code
Addition of CVE-2022-22954 in EnemyBot’s code (AT&T)

Looking at the list of supported commands by a newer versions of the malware, RSHELL stands out, used to create a reverse shell on the infected system. This allows the threat actor to bypass firewall restrictions and get access to the compromised machine.

All of the commands seen in the previous version are still present, offering a rich list of options concerning DDoS attacks.

Outlook

Keksec, the group behind EnemyBot, is actively developing the malware and has other malicious projets under its belt: Tsunami, Gafgyt, DarkHTTP, DarkIRC, and Necro.

This appears to be an experienced malware author who shows special care for the newest project, adding new vulnerabilities exploits as soon as they emerge, often before system admins have the chance to apply fixes.

To make matters worse, AT&T reports that someone, likely closely affiliated to Keksec, has released the EnemyBot source code, making it available for any adversary.

The recommendations for protecting against this type of threat include patching software products as soon as updates become available and monitoring network traffic, including outbound connections.

At this moment, EnemyBot’s main purpose is DDoS attacks but other possibilities are also to be considered (e.g. cryptomining, access), especially since the malware is now targeting more powerful devices.

Source: Bill Toulas
Via: bleepingcomputer
Tags: EnemyBot malware adds exploits for critical VMware
ShareTweet

Get real time update about this post categories directly on your device, subscribe now.

Unsubscribe

Search

No Result
View All Result

Recent News

Absa and Visa Extend Strategic Partnership to Advance Growth and Innovation Across Africa

Absa and Visa Extend Strategic Partnership to Advance Growth and Innovation Across Africa

July 29, 2025
French Telco Orange Hit by Cyber-Attack

French Telco Orange Hit by Cyber-Attack

July 29, 2025
ATC Ghana supports Girls-In-ICT Program

ATC Ghana supports Girls-In-ICT Program

April 25, 2023

About What We Do

itechnewsonline.com

We bring you the best Premium Tech News.

Recent News With Image

Absa and Visa Extend Strategic Partnership to Advance Growth and Innovation Across Africa

Absa and Visa Extend Strategic Partnership to Advance Growth and Innovation Across Africa

July 29, 2025
French Telco Orange Hit by Cyber-Attack

French Telco Orange Hit by Cyber-Attack

July 29, 2025

Recent News

  • Absa and Visa Extend Strategic Partnership to Advance Growth and Innovation Across Africa July 29, 2025
  • French Telco Orange Hit by Cyber-Attack July 29, 2025
  • ATC Ghana supports Girls-In-ICT Program April 25, 2023
  • Vice President Dr. Bawumia inaugurates ICT Hub April 2, 2023
  • Home
  • InfoSec
  • Opinion
  • Africa Tech
  • Data Storage

© Copyright 2026, All Rights Reserved | iTechNewsOnline.Com - Powered by BackUPDataSystems

Welcome Back!

Login to your account below

Forgotten Password?

Retrieve your password

Please enter your username or email address to reset your password.

Log In

Add New Playlist

No Result
View All Result
  • Home
  • Tech
  • Africa Tech
  • InfoSEC
  • Data Science
  • Data Storage
  • Business
  • Opinion

© Copyright 2026, All Rights Reserved | iTechNewsOnline.Com - Powered by BackUPDataSystems

Are you sure want to unlock this post?
Unlock left : 0
Are you sure want to cancel subscription?
Go to mobile version