Content management systems (CMS), web servers, and Android devices are all targets of “EnemyBot,” a fast-growing IoT virus. Analysts attribute the malware’s spread to the threat actor group “Keksec.”
In a recent post, AT&T Alien Labs stated that “services such as VMware Workspace ONE, Adobe ColdFusion, WordPress, PHP Scriptcase, and more are being targeted, as well as IoT and Android devices.” The malware is rapidly adding one-day vulnerabilities to its exploitation capabilities.
According to AT&T’s analysis of the malware’s code base, EnemyBot borrows a lot of code from other botnets, including Mirai, Qbot, and Zbot. The Keksec threat group, which was created in 2016 and includes many botnet actors, distributes the malware by targeting Linux PCs and IoT devices.