Millions Of IoT Devices At Risk To Malware

Uploaded on 2022-01-31 in TECHNOLOGY-Key Areas-Internet of Things, TECHNOLOGY--Hackers, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

A dangerous malware, called BotenaGo, is targeting millions of Internet of Things (IoT) devices has been uploaded to GitHub, enabling criminals will use it to attack vulnerable systems. 

BotenaGo scans the Internet looking for vulnerable targets and analysis of the code reveals that the attacker is presented with a live global infection counter that tells them how many devices are compromised at any given time. 

The risk is that this  could result in a significant increase in BotenaGo variants as other malware authors use and adapt the source code for their cyber attack campaigns. 

BotenaGo malware was first spotted by researchers at AT&T Alien Labs in November 2021. Written in Go, a programming language that has become quite popular among malware authors, the malware includes exploits for more than 30 different vulnerabilities in products from multiple vendors.

BotenaGo starts by presenting the total number of infected devices to the hacker’s payload interface, which occurs before injecting shell script files into the host console’s operating system.  The attack surface is then assaulted by employing a function to map the victim’s device to narrow down the scope of the assault. Each destination is defined in command terminal strings to launch malicious malware on the target device. Following that, a request is sent to the IoT endpoint to verify that the destination is legitimate. To send the malicious payload, the attackers must press the enter key.

The malware is designed to execute remote shell commands on systems where it has successfully exploited a vulnerability. It resembles the Mirai botnet that closed off internet access for much of the US East Coast in 2016. 

The researchers at  AT&T  found that while the malware is designed to receive commands from a remote server, it does not have any active command-and-control communication. This suggests that at the time that BotenaGo is part of a broader malware suite and likely one of multiple tools in an infection chain. 

AT&T also found that BotenaGo’s payload links were similar to the ones used by the operators of Mirai botnet malware. This led them conclude that BotenaGo is a new tool that the operators of Mirai are using to target specific machines known to them.

Making the malware publicly available through GitHub could potentially result in a significant increase in BotenaGo variants as other malware authors use and adapt the source code for their specific purposes and attack campaigns. 

AT&T:        Dark Reading:       IotWorldToday:     I-HLS:     Lifars:     SISA

You Might Also Read:

Internet of Things (IoT) Review (£):

 

« DDoS Attack Knocks Out Andorra's Internet
Artificial Intelligence Is Increasingly Important In Cyber Security  »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Infosecurity Europe, 3-5 June 2025, ExCel London

Infosecurity Europe, 3-5 June 2025, ExCel London

This year, Infosecurity Europe marks 30 years of bringing the global cybersecurity community together to further our joint mission of Building a Safer Cyber World.

CyberPolicy

CyberPolicy

CyberPolicy is a cyber protection solution for small businesses. It combines three important components against cyber threats - Cyber Plan, Cybersecurity and Cyber Insurance.

Metro Systems

Metro Systems

Metro Systems offer fully integrated IT solutions & services covering Digital Transformation, Digital Infrastructure, Cyber Security and Training.

Eskive

Eskive

Eskive is a Brazilian cyber security awareness and education platform that empowers users and strengthens their company in the face of cyber threats.

Red Alert Labs

Red Alert Labs

Red Alert Labs is an IoT security provider. We created an independent security lab with a disruptive business offer to solve the technical and commercial challenges in IoT.

Sompo International

Sompo International

Sompo International is a global specialty provider of property and casualty insurance and reinsurance services including Cyber & Network Risk.

BrandProtections.Online

BrandProtections.Online

BrandProtections.online offer end-to-end customer support solutions to help protect against threats which may affect your brand online.

DKBInnovative

DKBInnovative

DKBinnovative is a best-practice driven IT management firm that provides secure, reliable IT solutions to productivity-focused clients around the globe.

Iterasec

Iterasec

Iterasec provides a full range of security services to hacker-proof your products and make software engineering process secure by design.

Panacea Infosec

Panacea Infosec

Panacea Infosec is a leading provider of information security compliance services. We help our clients in protecting their data, reducing security risks and fighting cybercrime.

SMARTEST

SMARTEST

SMARTEST is a world-class IT solutions provider active in the most challenging and demanding industries such as the oil and gas industries.

Akamai Technologies

Akamai Technologies

Akamai's leading security, compute, and delivery solutions are helping global companies make life better for billions of people, billions of times a day.

Saiflow

Saiflow

SaiFlow provides a tailor-made cybersecurity solution for Electric Vehicles Charging Infrastructure (EVCI), Distributed Energy Resources (DERs) and energy networks and assets.

Crispmind

Crispmind

Crispmind creates innovative solutions to some of today’s most challenging technology problems.

KBE Information Security

KBE Information Security

KBE is a global consulting firm, with offices in Toronto and Milan, which specializes in the area of IT and information security with over 20 years of experience.

Inroad Technologies

Inroad Technologies

Inroad Technologies provide IT services that help keep your business computers, servers and networks secure and trouble-free.

eTech S.C.

eTech S.C.

eTech specialize in a broad range of technology solutions, including software development, cybersecurity, infrastructure, and IT outsourcing (ITO) services.