Security researchers have discovered a new type of malware targeting the Internet of Things that exploits more than 30 different vulnerabilities. The BotenaGo malware, described by cybersecurity researchers at AT&T Alien Labs, uses multiple methods to attack its targets in order to create a backdoor on compromised devices. “With more than 30 exploits, it has the potential to attack millions of routers and IoT devices,” said the researchers.
Some antivirus suites recognize the malware as a variant of Mirai, the IoT malware botnet that flooded large parts of the Internet with DDoS attacks in 2016. Although the malware looks similar at first glance, it differs considerably because it is written in the Go programming language.
BotenaGo scans the Internet for vulnerable targets, and analysis of the code shows that the attacker is given a global infection counter that shows how many devices are vulnerable at any given time. The people behind it are able to exploit the vulnerabilities in devices connected to the Internet and execute remote shell commands, which attackers could potentially use as a gateway into an inadequately secured network.
However, according to the researchers, the malware does not currently communicate with a command server. That could mean that BotenaGo is just one module in a larger malware suite that is not currently being used for attacks. There is also the possibility that it is connected to Mirai and used by the people behind Mirai to attack certain machines. Ultimately, the researchers also suspect that BotenaGo is still in development and that a beta version was accidentally released too early – and therefore cannot achieve much.