Skip to main content

A new botnet is launching attacks on millions of routers and IoT devices

Botnet
(Image credit: Shutterstock / BeeBright)

Cybersecurity researchers have shared insight into a new malware that employs over thirty exploits and can potentially tie millions of routers, modems, network-attached storage (NAS), and Internet of Things (IoT) devices into a botnet.

Discovered by AT&T’s Alien Labs, the new malware, dubbed BotenaGo, is written in the open source Go programming language, which has become popular with malware authors of late, thanks to Its ability to code payloads that are harder to detect and reverse engineer, according to BleepingComputer.

This is also evident in the of BotenaGo, which is flagged by only six out of the 62 antivirus engines on VirusTotal, with some falsely identifying it as the Mirai botnet.

TechRadar needs you!

We're looking at how our readers use VPNs with streaming sites like Netflix so we can improve our content and offer better advice. This survey won't take more than 60 seconds of your time, and we'd hugely appreciate if you'd share your experiences with us.

>> Click here to start the survey in a new window <<

“Malware authors continue to create new techniques for writing malware and upgrading its capabilities. In this case, [BotenaGo] can run as a botnet on different OS platforms with small modifications,” writes Ofer Caspi Security Researcher at Alien Labs.

Unusual botnet

According to the researchers, the malware creates a backdoor and waits to either receive a target to attack from a remote operator or from another related module running on the same machine.

Surprisingly, BotenaGo does not appear to have any active communication to its command and control (C2) server, confounding the researchers as to its operation. 

The researchers have several theories, one being that the malware is still under development, and was released in the wild accidentally. Another theory is that the malware could actually be part of a "malware suite” in which case there will be another module that does the communication with the C2 server. 

In either case, the researchers suggest admins always keep an eye on outgoing network traffic to watch for unreasonable bandwidth usage.

Build a digital moat around your network using one of these best firewall apps and services

Mayank Sharma

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.