Millions Of IoT Devices At Risk To Malware
A dangerous malware, called BotenaGo, is targeting millions of Internet of Things (IoT) devices has been uploaded to GitHub, enabling criminals will use it to attack vulnerable systems.
BotenaGo scans the Internet looking for vulnerable targets and analysis of the code reveals that the attacker is presented with a live global infection counter that tells them how many devices are compromised at any given time.
The risk is that this could result in a significant increase in BotenaGo variants as other malware authors use and adapt the source code for their cyber attack campaigns.
BotenaGo malware was first spotted by researchers at AT&T Alien Labs in November 2021. Written in Go, a programming language that has become quite popular among malware authors, the malware includes exploits for more than 30 different vulnerabilities in products from multiple vendors.
BotenaGo starts by presenting the total number of infected devices to the hacker’s payload interface, which occurs before injecting shell script files into the host console’s operating system. The attack surface is then assaulted by employing a function to map the victim’s device to narrow down the scope of the assault. Each destination is defined in command terminal strings to launch malicious malware on the target device. Following that, a request is sent to the IoT endpoint to verify that the destination is legitimate. To send the malicious payload, the attackers must press the enter key.
The malware is designed to execute remote shell commands on systems where it has successfully exploited a vulnerability. It resembles the Mirai botnet that closed off internet access for much of the US East Coast in 2016.
The researchers at AT&T found that while the malware is designed to receive commands from a remote server, it does not have any active command-and-control communication. This suggests that at the time that BotenaGo is part of a broader malware suite and likely one of multiple tools in an infection chain.
AT&T also found that BotenaGo’s payload links were similar to the ones used by the operators of Mirai botnet malware. This led them conclude that BotenaGo is a new tool that the operators of Mirai are using to target specific machines known to them.
Making the malware publicly available through GitHub could potentially result in a significant increase in BotenaGo variants as other malware authors use and adapt the source code for their specific purposes and attack campaigns.
AT&T: Dark Reading: IotWorldToday: I-HLS: Lifars: SISA:
You Might Also Read:
Internet of Things (IoT) Review (£):