A newly discovered form of malware that exploits dozens of flaws has been found targeting millions of routers and “internet of things” devices.
First detailed today by researchers at AT&T Alien Labs, the “BotenaGo” malware is written in the open-source programming language Golang and is being deployed with more than 30 different exploit functions to attack a target. The malware creates a backdoor and waits to receive a target to attack from a remote operator.
The name of the malware comes from how it’s being distributed. BotenaGo is targeting IoT devices and Linux-embedded routers through botnets, which are networks of hijacked computers and other devices.
Upon receiving a command from an operator, BotenaGo will execute remote shell commands, or instructions, on devices in which a vulnerability has been successfully exploited. The malware uses different links, each with a different payload, depending on the infected system.
Setting it apart from other forms of malware, the AT&T Alien Labs researchers noted that BotenaGo does not have any active communication with a command-and-control server. Typically, most if not all forms of malware have such a link.
The researchers admitted that they don’t understand the lack of such a link either. Their best guess is that BotenaGo is part of a bigger malware suite and only one infection module in a broader attack. Other guesses include that BotenaGo may be a part of the Mirai malware, or that the malware is still in a beta phase and has been actively leaked.
“Malware authors continue to create new techniques for writing malware and upgrading its capabilities,” the researchers noted. “In this case, new malware written in Golang can run as a botnet on different OS platforms with small modifications.”
The recommended actions to mitigate against the risk include regular software updates, monitoring network traffic and ensuring minimum exposure to the internet on Linux servers and IoT devices, along with the use of a properly configured firewall.
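The monitoring and minimum-exposure advice above is easier to act on with something that reads perimeter logs and flags the two conditions that matter here: management ports on internal routers or IoT devices reachable from the internet, and inbound connections to an unexpected service on such a device. The script below is an added example written for this page; it is not code from the article, from AT&T Alien Labs, or from the malware. The log line format, the RFC 1918 definition of "internal", the list of management ports, and every IP address in the sample are constructed assumptions.

```python
"""Audit constructed firewall connection logs for internet exposure of internal
routers and IoT devices. Added example; log format and port list are assumed."""
import ipaddress
import re
from collections import defaultdict

# Assumed line format from a perimeter firewall (constructed, not a real product's):
#   <timestamp> ACCEPT|DROP src=<ip>:<port> dst=<ip>:<port> proto=<tcp|udp>
LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<action>ACCEPT|DROP)\s+"
    r"src=(?P<src>[\d.]+):(?P<sport>\d+)\s+"
    r"dst=(?P<dst>[\d.]+):(?P<dport>\d+)\s+proto=(?P<proto>\w+)$"
)

# "Internal" is defined explicitly as the RFC 1918 ranges rather than via
# ipaddress.is_private, which also treats documentation ranges as non-global.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Assumed policy: ports that a router or IoT device should never accept from
# the internet (SSH, Telnet, HTTP/HTTPS admin UIs, TR-069/CWMP, alt HTTP ports).
MANAGEMENT_PORTS = {22, 23, 80, 443, 7547, 8080, 8443}

# Constructed sample log. 203.0.113.x and 198.51.100.x are documentation
# addresses standing in for external sources; 192.168.1.x are internal devices.
SAMPLE_LOG = """\
2021-11-11T10:00:01Z ACCEPT src=203.0.113.45:51234 dst=192.168.1.20:23 proto=tcp
2021-11-11T10:00:02Z ACCEPT src=192.168.1.50:40000 dst=192.168.1.20:80 proto=tcp
2021-11-11T10:00:03Z ACCEPT src=198.51.100.7:44444 dst=192.168.1.20:31337 proto=tcp
2021-11-11T10:00:04Z DROP src=198.51.100.8:33333 dst=192.168.1.21:22 proto=tcp
2021-11-11T10:00:05Z ACCEPT src=203.0.113.46:50000 dst=192.168.1.21:7547 proto=tcp
2021-11-11T10:00:06Z ACCEPT src=192.168.1.20:55555 dst=203.0.113.99:80 proto=tcp
this line is malformed and must be skipped, not crash the audit
"""


def is_internal(ip):
    """True if the address falls in one of the assumed internal ranges."""
    return any(ip in net for net in INTERNAL_NETS)


def parse_line(line):
    """Parse one log line into a dict, or return None for unparseable input."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["sport"] = int(rec["sport"])
    rec["dport"] = int(rec["dport"])
    rec["src"] = ipaddress.ip_address(rec["src"])
    rec["dst"] = ipaddress.ip_address(rec["dst"])
    return rec


def audit(log_text):
    """Return (findings, stats).

    findings maps each internal destination IP to a list of
    (kind, dst_port, src_ip) tuples for accepted inbound connections from
    external sources; kind is "exposed_management_port" when the port is in
    MANAGEMENT_PORTS and "unexpected_inbound_service" otherwise. Dropped
    inbound attempts are counted but not reported as exposure.
    """
    findings = defaultdict(list)
    stats = {"parsed": 0, "skipped": 0, "dropped_inbound": 0}
    for raw in log_text.splitlines():
        rec = parse_line(raw)
        if rec is None:
            stats["skipped"] += 1
            continue
        stats["parsed"] += 1
        inbound = (not is_internal(rec["src"])) and is_internal(rec["dst"])
        if not inbound:
            continue  # outbound or internal-only traffic is out of scope here
        if rec["action"] == "DROP":
            stats["dropped_inbound"] += 1  # firewall already blocked it
            continue
        kind = ("exposed_management_port" if rec["dport"] in MANAGEMENT_PORTS
                else "unexpected_inbound_service")
        findings[str(rec["dst"])].append((kind, rec["dport"], str(rec["src"])))
    return dict(findings), stats


def suggested_rules(findings):
    """Derive one deny-rule description per exposed device/port pair."""
    return sorted({f"deny inbound tcp/{port} to {dst}"
                   for dst, items in findings.items() for _, port, _ in items})


if __name__ == "__main__":
    found, counts = audit(SAMPLE_LOG)
    print("stats:", counts)
    for dst, items in found.items():
        for kind, port, src in items:
            print(f"{dst}: {kind} port={port} from={src}")
    print("\n".join(suggested_rules(found)))
```

Run against real logs, the two finding kinds deserve different handling: an exposed management port is a configuration problem to close at the firewall or on the device, while an accepted connection to an unexpected port on a device that should not be listening there is an incident to investigate on the host itself.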
“This new malware demonstrates the dangers of using unsupported or unpatched devices, especially when connected directly to the internet,” Erich Kron, security awareness advocate at security awareness training company KnowBe4 Inc., told SiliconANGLE. “Bad actors, such as those at work here, love to exploit these devices to gain access to the internal networks behind them, or just to use it as a platform from which to launch other attacks.”
Timely patching of internet-facing devices is absolutely critical to avoid becoming a victim and to lower the risk of an internal breach through the vulnerable systems, Kron added. In cases where patching the vulnerabilities isn’t possible, organizations should replace the systems as soon as possible.