BotenaGo botnet targets millions of IoT devices with 33 exploits
A new malware botnet, BotenaGo, has been discovered using 33 exploits to attack millions of routers and IoT devices.
BotenaGo is written in Go (Golang), a language whose popularity has surged in recent years and which malware authors favor because its statically linked binaries are harder to detect and more tedious to reverse engineer than the C payloads most IoT-malware signatures were built for.
At the time of the analysis, only six of 62 antivirus engines on VirusTotal flagged the sample as malicious, and some of those identified it as Mirai.
BotenaGo incorporates 33 exploits for a variety of routers, modems, and NAS devices, with some notable examples given below:
Researchers at AT&T who analyzed the botnet found that it targets millions of devices, with a dedicated function for each of the flaws above.
One example they give is the search string for Boa, a discontinued open-source web server used in embedded devices that still returns nearly two million internet-facing hosts on Shodan.
Another notable example is the targeting of CVE-2020-10173, a command-injection flaw in Comtrend VR-3033 gateways, of which roughly 250,000 are still exploitable.
Once installed, the malware listens on two ports (31412 and 19412) and waits for an IP address to be sent to it. When it receives one, the bot runs each of its exploits against that address to gain access.
Once BotenaGo gains access, it executes remote shell commands to recruit the device into the botnet.
Depending on the targeted device, the malware uses different links to fetch a matching payload.
At the time of the analysis, however, no payloads were hosted on the server, so none could be retrieved for analysis.
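The two listening ports are the most concrete host-side artifact the analysis describes, so a defender triaging an embedded Linux device can look for them directly. The check below is an added example written for this page, not code from the AT&T report or from BotenaGo itself: it parses `ss -ltnp` output and flags any process listening on 31412 or 19412. The sample `ss` output, the process name `armv7l_bin` and the PIDs are constructed for illustration; BotenaGo's on-disk file name is not given on the page.

```python
import re
import shutil
import subprocess

# Ports BotenaGo is reported to listen on while waiting for a target IP address.
BOTENAGO_PORTS = {31412, 19412}

# Matches the first process entry in the `ss -p` "Process" column,
# e.g. users:(("sshd",pid=812,fd=3)).
_PROC_RE = re.compile(r'\(\("([^"]+)",pid=(\d+),fd=\d+\)')


def parse_ss_listeners(ss_output):
    """Parse `ss -ltnp` output into a list of listening-socket records.

    Each record has the bound address, port, owning process name and PID
    (process and PID are None when ss could not show them, e.g. without root).
    """
    listeners = []
    for line in ss_output.splitlines():
        cols = line.split()
        if len(cols) < 5 or cols[0] != "LISTEN":
            continue  # header line or a non-listening socket
        # "Local Address:Port" is the 4th column; rpartition copes with
        # IPv6 forms such as [::]:19412 as well as 0.0.0.0:31412.
        addr, _, port = cols[3].rpartition(":")
        if not port.isdigit():
            continue
        proc, pid = None, None
        m = _PROC_RE.search(line)
        if m:
            proc, pid = m.group(1), int(m.group(2))
        listeners.append({"addr": addr, "port": int(port), "proc": proc, "pid": pid})
    return listeners


def find_botenago_listeners(ss_output, ports=BOTENAGO_PORTS):
    """Return only the listeners bound to the BotenaGo command ports."""
    return [l for l in parse_ss_listeners(ss_output) if l["port"] in ports]


# Constructed sample, not output captured from a compromised device.
# The process name "armv7l_bin" and the PIDs are placeholders.
SAMPLE_SS_OUTPUT = """\
State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port  Process
LISTEN  0       128     0.0.0.0:22           0.0.0.0:*          users:(("sshd",pid=812,fd=3))
LISTEN  0       4096    0.0.0.0:31412        0.0.0.0:*          users:(("armv7l_bin",pid=2211,fd=5))
LISTEN  0       4096    [::]:19412           [::]:*             users:(("armv7l_bin",pid=2211,fd=6))
LISTEN  0       128     127.0.0.1:631        0.0.0.0:*          users:(("cupsd",pid=900,fd=7))
"""


def check_live_host():
    """Run ss on this host if it is available, otherwise fall back to the sample."""
    if shutil.which("ss"):
        out = subprocess.run(["ss", "-ltnp"], capture_output=True, text=True).stdout
    else:
        out = SAMPLE_SS_OUTPUT
    return find_botenago_listeners(out)


if __name__ == "__main__":
    for hit in find_botenago_listeners(SAMPLE_SS_OUTPUT):
        print(f"suspicious listener: {hit['addr']}:{hit['port']} "
              f"proc={hit['proc']} pid={hit['pid']}")
```

Run it as root (or with `CAP_NET_ADMIN`) so `ss` can populate the process column for sockets owned by other users; without that, `proc` and `pid` come back as None and you will need to map the port to a PID another way. A listener on these ports is a lead, not proof: confirm by inspecting the owning binary (a large statically linked Go executable is consistent with the report) before acting on it.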
Furthermore, the researchers did not find active C2 communication between BotenaGo and an actor-controlled server, so they offer three possible explanations for how it operates:
In conclusion, the appearance of BotenaGo in the wild is unusual given its incomplete operational state, but its capabilities leave no doubt about its authors' intentions.
Fortunately, the botnet was spotted early, and indicators of compromise are already available. Still, as long as there is a wealth of vulnerable internet-facing devices to exploit, threat actors have every incentive to keep developing BotenaGo.