Researchers at AT&T discovered a new BotenaGo botnet that is using 33 exploits to target millions of routers and IoT devices.
BotenaGo is written in Golang (Go), a language that has gained popularity in recent years for making payloads that are harder to detect and reverse engineer. It has a low antivirus (AV) detection rate (6/62).
An example given is the search string for Boa, a discontinued open-source web server used in embedded applications, which still returns about two million Internet-facing devices on Shodan.
In the case of BotenaGo, only six out of 62 AV engines on VirusTotal flag the sample as malicious, and some identify it as Mirai.
When installed, the malware will listen on two ports (31412 and 19412), where it waits for an IP address to be sent to it. Once one is received, the bot will exploit each vulnerability on that IP address to gain access.
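A defender-side check for the two listening ports described above, as an added example that is not part of the original article or the AT&T research. It assumes a Linux device exposing `/proc/net/tcp` with little-endian address encoding; the function name and the sample table are constructed for illustration.

```python
import socket
import sys

BOTENAGO_PORTS = {31412, 19412}  # the two listening ports named in the article
TCP_LISTEN = "0A"                # "st" value for LISTEN in /proc/net/tcp

# Constructed sample in /proc/net/tcp format (not captured from a real device).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1201 1 0000000000000000 100 0 0 10 0
   1: 00000000:7AB4 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 4410 1 0000000000000000 100 0 0 10 0
   2: 0100007F:4BD4 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 4411 1 0000000000000000 100 0 0 10 0
   3: 0A00000A:C350 5DB8D822:7AB4 01 00000000:00000000 00:00000000 00000000     0        0 4500 1 0000000000000000 100 0 0 10 0
"""

def find_suspect_listeners(proc_net_tcp_text, ports=BOTENAGO_PORTS):
    """Return (address, port, inode) for each LISTEN socket on a watched port."""
    hits = []
    for line in proc_net_tcp_text.splitlines():
        fields = line.split()
        # Data rows start with "N:"; this skips the header and blank lines.
        if len(fields) < 10 or not fields[0].endswith(":"):
            continue
        local, state, inode = fields[1], fields[3], fields[9]
        addr_hex, port_hex = local.rsplit(":", 1)
        port = int(port_hex, 16)
        # Only local listeners count; row 3 has the port on the remote side only.
        if state != TCP_LISTEN or port not in ports:
            continue
        if len(addr_hex) == 8:   # IPv4, stored in little-endian byte order
            addr = socket.inet_ntoa(bytes.fromhex(addr_hex)[::-1])
        else:                    # tcp6 rows: keep the raw hex form
            addr = addr_hex
        hits.append((addr, port, int(inode)))
    return hits

if __name__ == "__main__":
    # Pass /proc/net/tcp (or tcp6) as the argument; defaults to the sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    for addr, port, inode in find_suspect_listeners(text):
        print(f"LISTEN {addr}:{port} inode={inode}")
```

A hit is an indicator to investigate, not proof of infection; the inode can be matched against `/proc/<pid>/fd` to identify the owning process.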
The malware uses different links to fetch a matching payload, depending on the targeted device. Since there are numerous vulnerable online devices to exploit, the researchers speculate the malware could be enhanced by integrating new exploits.




