
A newly discovered form of malware that exploits dozens of flaws has been found targeting millions of routers and IoT devices.
The “BotenaGo” malware is written in the open-source programming language Golang and is deployed with more than 30 different exploit functions to attack a target; it infects Linux-based embedded IoT devices. The malware creates a backdoor and waits to receive a target to attack from a remote operator.
Upon receiving a command from an operator, BotenaGo executes remote shell commands on devices where a vulnerability has been successfully exploited. The malware uses different links, each with a different payload, depending on the infected system. It does not have any active communication with a C2 (command-and-control) server, a link that most, if not all, forms of malware typically have.
The researchers admitted that they don’t understand the lack of a link either. Their best guess is that BotenaGo is part of a bigger malware suite and only one infection module in a broader attack. Other possibilities are that BotenaGo is a part of the Mirai malware, or that the malware is still in a beta phase and has been actively leaked.
Mitigations against this risk include regular software updates, monitoring of network traffic, and ensuring minimal exposure to the internet for Linux servers and IoT devices, along with the use of a properly configured firewall.
Timely patching of internet-facing devices is absolutely critical to avoid becoming a victim and to lower the risk of an internal breach through vulnerable systems. In cases where patching the vulnerabilities isn’t possible, organizations should replace the systems as soon as possible.
Indicators of Compromise
SHA256
0c395715bfeb8f89959be721cd2f614d2edb260614d5a21e90cc4c142f5d83ad
URL
- http://107[.]172.30.215/shell/wget.sh
- http://107[.]172.30.215/b
- http://rippr[.]cc/u
- http://37[.]0.11.220/g+-O-
- http://107[.]172.30.215/l
- http://107[.]172.30.215/a/wget.sh
- http://107[.]172.30.215/multi/wget.sh
- http://107[.]172.30.215/arm/arm5/arm7/i586/i686/m68k/mips/mipsel/powerpc/sh4/sparc/x86_64bot.mips
- http://107[.]172.30.215/arm/arm5/arm7/i586/i686/m68k/mips/mipsel/powerpc/sh4/sparc/x86_64bot.arm7
- http://37[.]0.11.220/a/wget.sh
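As an added example, not code from the original report or from the researchers who analysed BotenaGo: the indicators above are published defanged (the `[.]` notation), so a detection engineer's first job is to refang them and then sweep outbound proxy/DNS logs for the hosts and URLs, and sweep file systems for the SHA256. The script below does both. The sample proxy log lines and the hashed byte string are constructed for the example; the indicator values themselves are copied from the list above. It uses only the Python standard library (`hashlib`, `re`, `urllib.parse`).

```python
import hashlib
import re
from urllib.parse import urlparse

# Indicators of compromise exactly as published above (defanged with "[.]").
IOC_URLS = [
    "http://107[.]172.30.215/shell/wget.sh",
    "http://107[.]172.30.215/b",
    "http://rippr[.]cc/u",
    "http://37[.]0.11.220/g+-O-",
    "http://107[.]172.30.215/l",
    "http://107[.]172.30.215/a/wget.sh",
    "http://107[.]172.30.215/multi/wget.sh",
    "http://37[.]0.11.220/a/wget.sh",
]
IOC_SHA256 = {"0c395715bfeb8f89959be721cd2f614d2edb260614d5a21e90cc4c142f5d83ad"}

# Matches an http/https URL up to the next whitespace or quote in a log line.
URL_RE = re.compile(r"https?://[^\s\"']+")


def refang(indicator: str) -> str:
    """Turn a defanged indicator ("107[.]172.30.215", "hxxp://") into a matchable one."""
    return (indicator.replace("[.]", ".")
                     .replace("hxxps://", "https://")
                     .replace("hxxp://", "http://"))


def ioc_hosts(urls=IOC_URLS) -> set:
    """Set of hosts (IPs/domains) extracted from the refanged IoC URLs."""
    return {urlparse(refang(u)).hostname for u in urls}


def ioc_full_urls(urls=IOC_URLS) -> set:
    """Set of refanged full IoC URLs, for exact-match reporting."""
    return {refang(u) for u in urls}


def scan_log_lines(lines, hosts=None, full_urls=None):
    """Return (line_no, host, url, exact) for each line whose URL hits an IoC host.

    `exact` is True when the whole URL matches a published indicator, not just the host.
    """
    hosts = ioc_hosts() if hosts is None else hosts
    full_urls = ioc_full_urls() if full_urls is None else full_urls
    hits = []
    for n, line in enumerate(lines, start=1):
        for url in URL_RE.findall(line):
            host = urlparse(url).hostname
            if host in hosts:
                hits.append((n, host, url, url in full_urls))
    return hits


def sha256_matches(data: bytes, known=IOC_SHA256) -> bool:
    """True if the SHA256 of `data` (e.g. a file's bytes) is a published IoC hash."""
    return hashlib.sha256(data).hexdigest() in known


# Constructed sample proxy log lines (timestamp, client, method, URL, status); not real traffic.
SAMPLE_PROXY_LOG = [
    "2000-01-01T10:01:03Z 192.168.1.50 GET http://example.org/index.html 200",
    "2000-01-01T10:02:17Z 192.168.1.73 GET http://107.172.30.215/multi/wget.sh 200",
    "2000-01-01T10:02:18Z 192.168.1.73 GET http://37.0.11.220/a/wget.sh 200",
    "2000-01-01T10:05:44Z 192.168.1.50 GET https://updates.example.com/fw.bin 200",
]

if __name__ == "__main__":
    for line_no, host, url, exact in scan_log_lines(SAMPLE_PROXY_LOG):
        kind = "exact IoC URL" if exact else "IoC host"
        print(f"line {line_no}: {kind} hit on {host} -> {url}")
    # A constructed byte string stands in for a file under review; it does not match.
    print("sample hash matches IoC:", sha256_matches(b"constructed benign sample"))
```

Matching on the host as well as the full URL matters because the payload paths on the page are per-architecture and likely to change, while the hosting IPs are the more durable part of the indicator; an exact-URL hit simply raises confidence.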