BotenaGo botnet targets millions of IoT devices with 33 exploits

It was recently discovered that the BotenaGo Botnet targets millions of IoT devices with 33 exploits. Get to know this threat better.

The new BotenaGo malware botnet was discovered using over thirty exploits to attack millions of IoT routers and devices.

BotenaGo is written in Golang (Go), which has been exploding in popularity in recent years, with malware authors loving it for creating payloads that are harder to detect and reverse engineer.

In the case of BotenaGo, only six of the 62 AV engines in VirusTotal flag the sample as malicious and some identify it as Mirai.

BotenaGo incorporates 33 exploits for a variety of routers, modems, and NAS devices, with some notable examples below:

AT&T researchers who analyzed the new botnet found that it targets millions of devices with functions that exploit the above flaws.

An example given is the search string of Boa, which is a deprecated open-source web server used in embedded applications and which still returns nearly two million internet-facing devices on Shodan.

Another notable example is the targeting of CVE-2020-10173, a command injection flaw in Comtrend VR-3033 gateway devices, of which 250,000 are still exploitable.

When installed, the malware listens on two ports (31412 and 19412), where it waits for an IP address to be sent. Once one is received, the bot will exploit every vulnerability at that IP address to gain access.

Once BotenaGo gains access, it will execute remote shell commands to recruit the device to the botnet. Depending on which device is targeted, the malware uses different links to look for a corresponding payload.

At the time of analysis, however, there were no payloads on the hosting server, so none could be retrieved for analysis.

Furthermore, the researchers did not find active C2 communication between BotenaGo and an actor-controlled server, so they offered three potential explanations for how it operates:

- BotenaGo is just one part (module) of a modular multi-stage malware attack, and is not responsible for handling communications.
- BotenaGo is a new tool used by Mirai operators on certain machines, a scenario that is supported by common payload drop links.
- The malware is not yet ready to operate and a sample of its early development phase was accidentally leaked.

In conclusion, the appearance of BotenaGo in the wild is unusual due to its incomplete operational status, but its underlying capabilities leave no doubt as to the intent of its authors.

Fortunately, the new botnet was identified early on and indicators of compromise are now available.

Still, as long as there are a lot of vulnerable online devices to be exploited, the incentive will be there for threat actors to continue BotenaGo's development.

Edivaldo Brito is a systems analyst, IT manager, blogger and also a big fan of operating systems, databases, free software, networks, programming, mobile devices and everything else that involves technology.
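The two listening ports named in the article (31412 and 19412) can be checked for on a Linux host by reading the kernel's socket table. The following is an added example, not code from the article or from the AT&T analysis; the sample table is constructed, the function names are hypothetical, and it assumes a little-endian host and IPv4 sockets only.

```python
"""Flag TCP listeners on the two ports the article attributes to BotenaGo."""
import socket
import struct

BOTENAGO_PORTS = {31412, 19412}   # ports named in the article
TCP_LISTEN = 0x0A                 # Linux kernel state code for LISTEN

# Constructed sample in /proc/net/tcp layout (not captured from a real device).
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0050 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001 1
   1: 00000000:7AB4 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1002 1
   2: 0100007F:4BD4 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1003 1
   3: 0A00A8C0:7AB4 0500A8C0:D2F0 01 00000000:00000000 00:00000000 00000000     0        0 1004 1
"""

def parse_listeners(proc_text):
    """Return [(ip, port, inode)] for every IPv4 socket in LISTEN state."""
    listeners = []
    for line in proc_text.splitlines()[1:]:          # skip the header row
        fields = line.split()
        if len(fields) < 10:
            continue                                 # truncated or blank row
        addr_hex, port_hex = fields[1].split(":")
        if int(fields[3], 16) != TCP_LISTEN:
            continue                                 # established, time-wait, ...
        # Assumption: little-endian host, where the kernel prints the IPv4
        # address byte-reversed. Big-endian devices print it unreversed.
        ip = socket.inet_ntoa(struct.pack("<I", int(addr_hex, 16)))
        listeners.append((ip, int(port_hex, 16), int(fields[9])))
    return listeners

def suspicious_listeners(proc_text, ports=BOTENAGO_PORTS):
    """Listeners bound to one of the watched ports."""
    return [entry for entry in parse_listeners(proc_text) if entry[1] in ports]

def read_live_table(path="/proc/net/tcp"):
    """Read the running kernel's IPv4 TCP socket table."""
    with open(path) as fh:
        return fh.read()

if __name__ == "__main__":
    for ip, port, inode in suspicious_listeners(SAMPLE_PROC_NET_TCP):
        print(f"LISTEN {ip}:{port} (socket inode {inode}) matches a BotenaGo port")
```

A match is a lead rather than proof, since any program can bind these ports; the socket inode can be matched against the entries under /proc/<pid>/fd to find the owning process.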