Millions Of IoT Devices At Risk To Malware

Uploaded on 2022-01-31 in TECHNOLOGY-Key Areas-Internet of Things, TECHNOLOGY--Hackers, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

A dangerous malware, called BotenaGo, is targeting millions of Internet of Things (IoT) devices has been uploaded to GitHub, enabling criminals will use it to attack vulnerable systems. 

BotenaGo scans the Internet looking for vulnerable targets and analysis of the code reveals that the attacker is presented with a live global infection counter that tells them how many devices are compromised at any given time. 

The risk is that this  could result in a significant increase in BotenaGo variants as other malware authors use and adapt the source code for their cyber attack campaigns. 

BotenaGo malware was first spotted by researchers at AT&T Alien Labs in November 2021. Written in Go, a programming language that has become quite popular among malware authors, the malware includes exploits for more than 30 different vulnerabilities in products from multiple vendors.

BotenaGo starts by presenting the total number of infected devices to the hacker’s payload interface, which occurs before injecting shell script files into the host console’s operating system.  The attack surface is then assaulted by employing a function to map the victim’s device to narrow down the scope of the assault. Each destination is defined in command terminal strings to launch malicious malware on the target device. Following that, a request is sent to the IoT endpoint to verify that the destination is legitimate. To send the malicious payload, the attackers must press the enter key.

The malware is designed to execute remote shell commands on systems where it has successfully exploited a vulnerability. It resembles the Mirai botnet that closed off internet access for much of the US East Coast in 2016. 

The researchers at  AT&T  found that while the malware is designed to receive commands from a remote server, it does not have any active command-and-control communication. This suggests that at the time that BotenaGo is part of a broader malware suite and likely one of multiple tools in an infection chain. 

AT&T also found that BotenaGo’s payload links were similar to the ones used by the operators of Mirai botnet malware. This led them conclude that BotenaGo is a new tool that the operators of Mirai are using to target specific machines known to them.

Making the malware publicly available through GitHub could potentially result in a significant increase in BotenaGo variants as other malware authors use and adapt the source code for their specific purposes and attack campaigns. 

AT&T:        Dark Reading:       IotWorldToday:     I-HLS:     Lifars:     SISA

You Might Also Read:

Internet of Things (IoT) Review (£):

 

« DDoS Attack Knocks Out Andorra's Internet
Artificial Intelligence Is Increasingly Important In Cyber Security  »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Cyren

Cyren

Cyren is a cloud-based, Internet security technology company providing threat detection and security analytics.

StickyMinds

StickyMinds

StickyMinds is the web's first interactive testing community exclusively engaged in improving software quality throughout the software development lifecycle.

SynerComm

SynerComm

SynerComm is an IT solution provider specializing in network and security infrastructure, enterprise mobility, remote access, wireless solutions, audit, pentesting and information assurance.

Watchdata Technologies

Watchdata Technologies

Watchdata Technologies is a pioneer in digital authentication and transaction security.

Cynance

Cynance

Cynance are an award-winning, independent cyber security specialist and part of the Transputec family of companies.

MetaCert

MetaCert

MetaCert’s Zero Trust browser software reduces the risk of organizations being compromised with a phishing-led cyberattack by more than 98%.

Mr Backup (MRB)

Mr Backup (MRB)

MRB offers Data Protection as a Service for businesses looking to reduce the time, cost and complexity of securing your company data.

GrayMatter

GrayMatter

GrayMatter provides Advanced Industrial Analytics, OT Cybersecurity, Digital Transformation and Automation & Control services to clients across the U.S. and Canada.

CypherEye

CypherEye

CypherEye is a next generation trust platform that advances the current state of Multi-factor Authentication (MFA) to enable highly secure, private and auditable cyber-transactions.

ISO WISH

ISO WISH

Take your Business to the Next Level with ISO Certification in UAE.

V2X

V2X

V2X delivers IT support, networking, and cybersecurity solutions that ensure optimal mission support and performance.

Netcraft

Netcraft

Netcraft is a global leader in cybercrime detection and disruption, combining cutting-edge technology with decades of experience to protect organizations of all sizes from digital threats and attacks.

Fescaro

Fescaro

FESCARO is a trusted cybersecurity partner for global automakers and their partners, helping them transition to software-defined vehicles (SDVs) with tailored automotive software solutions.

NeuroID

NeuroID

NeuroID combines the power of industry-leading behavioral analytics with advanced device and network intelligence to create your first line of defense against malicious bots, bad actors, and fraud.

S4E (Security for Everyone)

S4E (Security for Everyone)

At S4E.io, our mission is to democratize digital security, making it accessible, simple, and effective for individuals and businesses of all sizes.

Bastion Security Group

Bastion Security Group

Bastion Security combines the skills, expertise and leadership from Quantum Security, ZX Security, Helix Security and Cassini.