
The Enemybot Botnet Takes Over IoT Devices to Execute DDoS Attacks

A new spin-off of the Mirai Botnet has been detected in the wild, and it appears to be the product of Keksec, a cybercrime organization known for engaging in Distributed Denial-of-Service (DDoS) attacks and crypto-jacking campaigns. Their latest threatening tool is the Enemybot Botnet, which makes heavy use of the original code of the Mirai Botnet. However, the criminals have made several major improvements to enhance the botnet's functionality and to keep it hidden by allowing it to be controlled through a Tor-based Command-and-Control server.

The Enemybot Botnet targets a wide range of routers and Internet-of-Things (IoT) devices that use outdated firmware or weak login credentials. The easiest way to make sure that you do not fall victim to the Enemybot Botnet and similar threats is to keep the firmware of all Internet-connected devices up to date.

The Enemybot Botnet's primary focus is D-Link and NetGear routers, and the criminals are relying on exploits that can be traced back to 2018. Of course, many of the vulnerable devices have already been hijacked by other botnets. This is why the Enemybot Botnet has a peculiar feature: it checks infected devices for the presence of a pre-defined list of files or processes affiliated with other botnet projects. If a match is found, the Enemybot Botnet can remove the previous infection, effectively eliminating competitors.

Once the Enemybot Botnet is active, it can instruct all infected devices to carry out a wide range of DDoS attacks that could take servers down completely or, at the very minimum, hinder their performance.


To ensure that none of your devices gets taken over by the Enemybot Botnet, you should use the latest firmware as well as strong login credentials.
