Millions Of IoT Devices At Risk To Malware

Uploaded on 2022-01-31 in TECHNOLOGY-Key Areas-Internet of Things, TECHNOLOGY--Hackers, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

A dangerous malware, called BotenaGo, is targeting millions of Internet of Things (IoT) devices has been uploaded to GitHub, enabling criminals will use it to attack vulnerable systems. 

BotenaGo scans the Internet looking for vulnerable targets and analysis of the code reveals that the attacker is presented with a live global infection counter that tells them how many devices are compromised at any given time. 

The risk is that this  could result in a significant increase in BotenaGo variants as other malware authors use and adapt the source code for their cyber attack campaigns. 

BotenaGo malware was first spotted by researchers at AT&T Alien Labs in November 2021. Written in Go, a programming language that has become quite popular among malware authors, the malware includes exploits for more than 30 different vulnerabilities in products from multiple vendors.

BotenaGo starts by presenting the total number of infected devices to the hacker’s payload interface, which occurs before injecting shell script files into the host console’s operating system.  The attack surface is then assaulted by employing a function to map the victim’s device to narrow down the scope of the assault. Each destination is defined in command terminal strings to launch malicious malware on the target device. Following that, a request is sent to the IoT endpoint to verify that the destination is legitimate. To send the malicious payload, the attackers must press the enter key.

The malware is designed to execute remote shell commands on systems where it has successfully exploited a vulnerability. It resembles the Mirai botnet that closed off internet access for much of the US East Coast in 2016. 

The researchers at  AT&T  found that while the malware is designed to receive commands from a remote server, it does not have any active command-and-control communication. This suggests that at the time that BotenaGo is part of a broader malware suite and likely one of multiple tools in an infection chain. 

AT&T also found that BotenaGo’s payload links were similar to the ones used by the operators of Mirai botnet malware. This led them conclude that BotenaGo is a new tool that the operators of Mirai are using to target specific machines known to them.

Making the malware publicly available through GitHub could potentially result in a significant increase in BotenaGo variants as other malware authors use and adapt the source code for their specific purposes and attack campaigns. 

AT&T:        Dark Reading:       IotWorldToday:     I-HLS:     Lifars:     SISA

You Might Also Read:

Internet of Things (IoT) Review (£):

 

« DDoS Attack Knocks Out Andorra's Internet
Artificial Intelligence Is Increasingly Important In Cyber Security  »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 7,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

OneLogin

OneLogin

OneLogin simplifies identity management with secure, one-click access,for employees, customers and partners, through all device types, to all enterprise cloud and on-premise applications.

National Information Security & Safety Authority (NISSA) - Libya

National Information Security & Safety Authority (NISSA) - Libya

NISSA is responsible for safeguarding the integrity, availability and resilienceof ICT infrastructure, resources, services and data in Libya.

AVG Technologies

AVG Technologies

AVG is focused on providing home and business computer users with the most comprehensive and proactive protection against computer security threats.

Verlingue

Verlingue

Verlingue (formerly ICB Group) is a leading corporate insurance broker providing Insurance, Risk Management and related advice to businesses and private clients.

Consult Hyperion

Consult Hyperion

Consult Hyperion is an independent strategic and technical consultancy specialising in digital identity and secure electronic transactions.

Simeio Solutions

Simeio Solutions

Simeio is a complete Identity and Access Management (IAM) solution provider that engages securely with anyone, anywhere, anytime.

Appvisory

Appvisory

Appvisory by MediaTest Digital is the leading Mobile Application Management-Software in Europe and enables enterprises to work secure on smartphones and tablets.

Institute of Informatics and Telematics (IIT)

Institute of Informatics and Telematics (IIT)

IIT carries out activities of research, assessment, technology transfer and training in the field of Information and Communication Technologies and of Computational Sciences.

Kickstart

Kickstart

Kickstart supports your startup in scaling deep technology businesses in Switzerland in areas such as AI, Blockchain and Cybersecurity.

Deepnet Security

Deepnet Security

Deepnet Security is a leading security software developer and hardware provider in Multi-Factor Authentication (MFA), Single Sign-On (SSO) and Identity & Access Management (IAM).

HiScout

HiScout

HiScout is your integrated management system for IT governance, risk & compliance.

Infostream

Infostream

Infostream is a leading integrator of Digital Transformations Solutions (DTS); Public, Private, and Hybrid Cloud; Cybersecurity; Data Integrity; DevOps, DevSecOps, and Infrastructures.

BrainStorm

BrainStorm

BrainStorm Threat Defense takes a new human-focused approach to security awareness that traditional training lacks. It’s a cutting-edge platform to make your users more security savvy.

EtherAuthority

EtherAuthority

EtherAuthority's engineering team has been helping blockchain businesses to secure their smart contract based assets since 2018.

eMudhra

eMudhra

eMudhra is a leader in Identity and Transaction Management Solutions.

Blue Mantis

Blue Mantis

Blue Mantis is a security-first, IT solutions and services provider with a 30+ year history of successfully helping clients achieve business modernization.