A new form of malware has emerged that exploits dozens of flaws, targeting and attacking millions of routers and ‘Internet of Things’ devices. First detailed by AT&T Alien Labs researchers, the ‘BotenaGo’ malware is written in the open-source programming language Golang and deployed with more than 30 different exploit functions to hit a target.
The malware creates a backdoor and waits to get a target to attack from a remote operator.
The name of the malware is derived from its distribution methods. BotenaGo is targeting IoT devices and Linux-embedded routers using botnets (networks of hijacked devices).
No link to a command-and-control server
When BotenaGo gets a command from its operator, it executes remote shell commands (instructions) on a device that has been successfully exploited. The malware uses different links with different payloads, depending on the system targeted.
This piece of malware is different from others, according to the researchers, because it does not have any active communication with a command-and-control server. Most, if not all, forms of malware have such a link.
The researchers admitted that they do not understand why there is no link. The best guess is that the malware is part of a more extensive suite and only one arm of a broader attack.
Any other guesses?
The next best guesses include that BotenaGo could be part of the Mirai malware or still in the beta phase and was leaked.
Malware authors, the researchers say, continue to innovate new techniques for writing malware and upgrading its capabilities. In this case, writing using Golang means the botnet can run on different operating systems with only a few modifications.
As always, the best defenses remain regular updates, traffic network monitoring, and reducing attack surfaces or exposure to the internet of Linux servers and IoT devices, along with properly configured firewalls.