The BotenaGo Botnet Targets IoT Devices

BotenaGo is a virus developed in Golang (Go), a programming language that has exploded in popularity in recent years, with malware developers praising it for producing payloads that are harder to detect and reverse-engineer.

A botnet, as explained by Cezarina, is a collection of infected computers or other internet-connected devices that interact with one another to carry out the same malicious acts, such as spam campaigns or distributed denial-of-service attacks. Online criminals can remotely manipulate the network to serve their own goals, allowing them to escape detection and legal prosecution by law enforcement agencies.

According to BleepingComputer, only six out of 62 AV engines on VirusTotal flag BotenaGo as malicious, and a few of them identify it as Mirai.

BotenaGo M.O.

As reported by BleepingComputer, the botnet incorporates 33 exploits for a variety of routers, modems, and NAS devices.

AT&T researchers investigated the new botnet and discovered that it targets many devices with features that exploit the vulnerabilities mentioned above.

The BotenaGo malware starts by initializing global infection counters that will be printed to the screen, informing the hacker about the total number of successful infections (Figure 2).

It then looks for the ‘dlrs’ folder from which to load shell script files. A loaded script will be concatenated as ‘echo -ne %s >> ‘. If
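Given the low AV detection rate noted above, a content check for the two strings this section names can serve as a first triage step. The following Python is an added example, not code from the article or from the AT&T analysis; the Go toolchain markers, the verdict names and the sample bytes are assumptions constructed for illustration.

```python
# Added example: static triage for the two strings the article names.
import sys

ELF_MAGIC = b"\x7fELF"
# Markers the Go toolchain embeds in binaries it builds.
GO_MARKERS = (b"\xff Go buildinf:", b"Go build ID:")
# The only page-derived values: the folder name and the concatenation format.
PAGE_STRINGS = {"dlrs_folder": b"dlrs", "echo_concat": b"echo -ne %s >> "}


def triage(data: bytes) -> dict:
    """Return which article strings occur in data and a coarse verdict."""
    is_go_elf = data.startswith(ELF_MAGIC) and any(m in data for m in GO_MARKERS)
    matched = sorted(name for name, s in PAGE_STRINGS.items() if s in data)
    if is_go_elf and len(matched) == len(PAGE_STRINGS):
        verdict = "review"  # Go ELF carrying both strings: hand to an analyst
    elif matched:
        verdict = "weak"    # a partial match is common in benign files
    else:
        verdict = "clear"
    return {"go_elf": is_go_elf, "matched": matched, "verdict": verdict}


# Constructed sample inputs (hypothetical bytes, not real malware).
HEADER = ELF_MAGIC + b"\x02\x01\x01" + b"\x00" * 9
SAMPLE_SUSPECT = HEADER + GO_MARKERS[0] + b"\x00dlrs\x00echo -ne %s >> \x00"
SAMPLE_BENIGN_GO = HEADER + GO_MARKERS[0] + b"\x00hello\x00"
SAMPLE_SCRIPT = b"#!/bin/sh\necho -ne %s >> out.bin\n"

if __name__ == "__main__":
    # Usage: python triage.py <file> [<file> ...]
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            print(path, triage(fh.read()))
```

A "review" verdict is a prompt for manual analysis rather than a detection: both strings are short, and a packed sample will not expose them.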

