A new botnet is launching attacks on millions of routers and IoT devices

(Image credit: Shutterstock / BeeBright)

Cybersecurity researchers have shared insight into a new malware that employs over thirty exploits and can potentially tie millions of routers, modems, network-attached storage (NAS), and Internet of Things (IoT) devices into a botnet.

Discovered by AT&T’s Alien Labs, the new malware, dubbed BotenaGo, is written in the open source Go programming language, which has become popular with malware authors of late, thanks to its ability to produce payloads that are harder to detect and reverse engineer, according to BleepingComputer.

This is also evident in the case of BotenaGo, which is flagged by only six out of the 62 antivirus engines on VirusTotal, with some falsely identifying it as the Mirai botnet.


“Malware authors continue to create new techniques for writing malware and upgrading its capabilities. In this case, [BotenaGo] can run as a botnet on different OS platforms with small modifications,” writes Ofer Caspi, Security Researcher at Alien Labs.

Unusual botnet

According to the researchers, the malware creates a backdoor and waits to either receive a target to attack from a remote operator or from another related module running on the same machine.

Surprisingly, BotenaGo does not appear to have any active communication to its command and control (C2) server, confounding the researchers as to its operation. 

The researchers have several theories, one being that the malware is still under development and was released in the wild accidentally. Another theory is that the malware could actually be part of a “malware suite”, in which case there will be another module that does the communication with the C2 server.

In either case, the researchers suggest admins always keep an eye on outgoing network traffic to watch for unreasonable bandwidth usage.
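One way to act on that advice is to baseline each device's outbound byte count and flag buckets that jump well above it. This is an added illustration, not code from Alien Labs or the article; the flow records and thresholds below are constructed, and the record shape (hour bucket, source IP, bytes out) is an assumption.

```python
"""Per-device egress baseline check for spotting a quiet IoT device that
suddenly starts pushing unusual amounts of traffic outbound."""
from collections import defaultdict
from statistics import mean

# Constructed hourly egress samples (bucket, src_ip, bytes_out), not real
# telemetry.  The router keeps a flat baseline; the NAS spikes in hours 4-5;
# the camera has too little history to judge yet.
SAMPLE_FLOWS = [
    (1, "192.0.2.10", 120_000), (2, "192.0.2.10", 118_000),
    (3, "192.0.2.10", 125_000), (4, "192.0.2.10", 121_000),
    (5, "192.0.2.10", 119_000),
    (1, "192.0.2.20", 50_000), (2, "192.0.2.20", 52_000),
    (3, "192.0.2.20", 48_000), (4, "192.0.2.20", 900_000),
    (5, "192.0.2.20", 1_200_000),
    (1, "192.0.2.30", 300_000), (2, "192.0.2.30", 310_000),
    (3, "192.0.2.30", 290_000),
]


def egress_by_device(flows):
    """Sum outbound bytes per source device and per time bucket."""
    totals = defaultdict(lambda: defaultdict(int))
    for bucket, src, nbytes in flows:
        totals[src][bucket] += nbytes
    return totals


def flag_egress_anomalies(flows, baseline_buckets=3, factor=4.0):
    """Learn a baseline from the first `baseline_buckets` buckets of each
    device, then flag any later bucket exceeding `factor` times that mean.
    Returns (device, bucket, bytes_out, ratio_to_baseline) tuples."""
    alerts = []
    for device, per_bucket in egress_by_device(flows).items():
        ordered = sorted(per_bucket.items())
        baseline = [b for _, b in ordered[:baseline_buckets]]
        if len(baseline) < baseline_buckets:
            continue  # not enough history to build a baseline
        base_mean = mean(baseline)
        for bucket, nbytes in ordered[baseline_buckets:]:
            if nbytes > factor * base_mean:
                alerts.append((device, bucket, nbytes,
                               round(nbytes / base_mean, 1)))
    return alerts


if __name__ == "__main__":
    for alert in flag_egress_anomalies(SAMPLE_FLOWS):
        print("egress anomaly: device=%s hour=%d bytes=%d x%.1f" % alert)
```

Feed it real per-device flow summaries (NetFlow, router byte counters) and tune `factor` to the devices' normal variance; a spike alone is a lead to investigate, not proof of compromise.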


Mayank Sharma

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.