Millions Of IoT Devices At Risk To Malware

A dangerous malware, called BotenaGo, is targeting millions of Internet of Things (IoT) devices has been uploaded to GitHub, enabling criminals will use it to attack vulnerable systems. 

BotenaGo scans the Internet looking for vulnerable targets and analysis of the code reveals that the attacker is presented with a live global infection counter that tells them how many devices are compromised at any given time. 

The risk is that this  could result in a significant increase in BotenaGo variants as other malware authors use and adapt the source code for their cyber attack campaigns. 

BotenaGo malware was first spotted by researchers at AT&T Alien Labs in November 2021. Written in Go, a programming language that has become quite popular among malware authors, the malware includes exploits for more than 30 different vulnerabilities in products from multiple vendors.

BotenaGo starts by presenting the total number of infected devices to the hacker’s payload interface, which occurs before injecting shell script files into the host console’s operating system.  The attack surface is then assaulted by employing a function to map the victim’s device to narrow down the scope of the assault. Each destination is defined in command terminal strings to launch malicious malware on the target device. Following that, a request is sent to the IoT endpoint to verify that the destination is legitimate. To send the malicious payload, the attackers must press the enter key.

The malware is designed to execute remote shell commands on systems where it has successfully exploited a vulnerability. It resembles the Mirai botnet that closed off internet access for much of the US East Coast in 2016. 

The researchers at  AT&T  found that while the malware is designed to receive commands from a remote server, it does not have any active command-and-control communication. This suggests that at the time that BotenaGo is part of a broader malware suite and likely one of multiple tools in an infection chain. 

AT&T also found that BotenaGo’s payload links were similar to the ones used by the operators of Mirai botnet malware. This led them conclude that BotenaGo is a new tool that the operators of Mirai are using to target specific machines known to them.

Making the malware publicly available through GitHub could potentially result in a significant increase in BotenaGo variants as other malware authors use and adapt the source code for their specific purposes and attack campaigns. 

AT&T:        Dark Reading:       IotWorldToday:     I-HLS:     Lifars:     SISA

You Might Also Read:

Internet of Things (IoT) Review (£):

 

« DDoS Attack Knocks Out Andorra's Internet
Artificial Intelligence Is Increasingly Important In Cyber Security  »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 7,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Northbridge Insurance

Northbridge Insurance

Northbridge is a leading Canadian business insurance provider. Services offered include Cyber Risk insurance.

National Agency for Information & Communication Technologies (ANTIC) - Cameroon

National Agency for Information & Communication Technologies (ANTIC) - Cameroon

ANTIC is responsible for regulating the activities of electronic security and regulation of the Internet in Cameroon.

NTNU Center for Cyber & Information Security (NTNU CCIS)

NTNU Center for Cyber & Information Security (NTNU CCIS)

NTNU CCIS is a national centre for research, education, testing, training and competence development within the area of cyber and information security.

Pentagon Group

Pentagon Group

Pentagon Group is a provider of security services in high-risk environments, remote areas and emerging markets in support of land-based, aviation, maritime and cyber operations.

Simply Hired

Simply Hired

Simply Hired is a job search engine that collects job listings from all over the web, including company career pages, job boards and niche job websites.

Findcourses.co.uk

Findcourses.co.uk

Findcourses is a dedicated education search engine designed to make it easy for our learners to search and find exactly what they need from our community of trusted training providers.

Componolit

Componolit

Componolit GmbH is a highly specialized company with a strong emphasis on trustworthy software, component-based systems and formal verification.

Tonex

Tonex

Tonex providing industry-leading technology training, courses, seminars, workshops, and consulting services to companies and government organizations around the world.

LogicMonitor

LogicMonitor

LogicMonitor provides SaaS-based IT infrastructure monitoring services for on-premises and multi-cloud environments.

CampusGuard

CampusGuard

CampusGuard focuses on the cybersecurity and compliance needs of campus-based organizations including higher education, healthcare, and state and local government.

ARC Risk and Compliance

ARC Risk and Compliance

ARC Risk and Compliance is a consulting company comprised of a team of AML Specialists completely focused on anti-money laundering compliance and the technologies used to support compliance programs.

Dapple Security

Dapple Security

Dapple Security is creating cutting edge technology utilizing responsible biometrics that protects people and privacy through a first-of-its-kind passwordless platform.

StealthMole

StealthMole

StealthMole is a deep and dark web threat intelligence company that delivers a cloud-based, unified platform for digital investigation, risk assessment, and threat monitoring.

Academia the Technology Group

Academia the Technology Group

Academia specialise in the supply of software, IT hardware, training and service solutions to the public sectors, business and pro media markets.

Prequel

Prequel

Prequel is your real-time problem detection and resolution platform, powered by the global reliability community.

AI EdgeLabs

AI EdgeLabs

AI EdgeLabs is a powerful and autonomous cybersecurity AI platform that helps security teams respond immediately to ongoing attacks and protect Edge/IoT infrastructures.