A new botnet is launching attacks on millions of routers and IoT devices

[Image: Botnet (Image credit: Shutterstock / BeeBright)]

Cybersecurity researchers have shared insight into a new malware that employs over thirty exploits and can potentially tie millions of routers, modems, network-attached storage (NAS), and Internet of Things (IoT) devices into a botnet.

Discovered by AT&T’s Alien Labs, the new malware, dubbed BotenaGo, is written in the open source Go programming language, which has become popular with malware authors of late thanks to its ability to produce payloads that are harder to detect and reverse engineer, according to BleepingComputer.

This is also evident in the case of BotenaGo, which is flagged by only six of the 62 antivirus engines on VirusTotal, with some falsely identifying it as the Mirai botnet.


“Malware authors continue to create new techniques for writing malware and upgrading its capabilities. In this case, [BotenaGo] can run as a botnet on different OS platforms with small modifications,” writes Ofer Caspi, Security Researcher at Alien Labs.

Unusual botnet

According to the researchers, the malware creates a backdoor and then waits to receive a target to attack, either from a remote operator or from another related module running on the same machine.

Surprisingly, BotenaGo does not appear to have any active communication with its command and control (C2) server, which left the researchers puzzled as to how it operates.

The researchers have several theories, one being that the malware is still under development and was released in the wild accidentally. Another theory is that the malware could actually be part of a “malware suite”, in which case another module would handle the communication with the C2 server.

In either case, the researchers suggest that admins always monitor outgoing network traffic and watch for unreasonable bandwidth usage.
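The monitoring advice above can be turned into a simple check. The script below is an added example, not code from the article or from Alien Labs: it aggregates constructed NetFlow-style records per internal source host and flags any host whose outbound volume to external addresses is far above its peers. The record format, the 10.0.0.0/8 internal range, the 10x-median factor and the 1 MB floor are all assumptions to be tuned for a real network.

```python
"""Flag hosts whose outbound traffic volume is far above their peers.

Added example (not from the article or from Alien Labs). It aggregates
constructed NetFlow-style records per internal source address and flags
hosts whose egress exceeds a baseline by a configurable factor. The log
format, the 10.0.0.0/8 internal range and the thresholds are assumptions.
"""
from collections import defaultdict
from ipaddress import ip_address, ip_network
from statistics import median

# Constructed sample flow records: "timestamp src_ip dst_ip dst_port bytes_out"
SAMPLE_FLOWS = """\
2021-11-12T10:00:01 10.0.0.5 93.184.216.34 443 52000
2021-11-12T10:00:03 10.0.0.7 93.184.216.34 443 48000
2021-11-12T10:00:04 10.0.0.9 198.51.100.20 80 61000
2021-11-12T10:00:08 10.0.0.5 198.51.100.20 80 39000
2021-11-12T10:00:09 10.0.0.42 203.0.113.77 8080 4800000
2021-11-12T10:00:12 10.0.0.42 203.0.113.78 8080 5100000
2021-11-12T10:00:15 10.0.0.7 203.0.113.10 443 30000
"""

INTERNAL = ip_network("10.0.0.0/8")  # assumed internal address range


def parse_flows(text):
    """Yield (src, dst, port, bytes) tuples; skip blank or malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue
        _, src, dst, port, nbytes = parts
        try:
            yield ip_address(src), ip_address(dst), int(port), int(nbytes)
        except ValueError:
            continue


def egress_bytes_per_host(text):
    """Sum bytes sent by each internal host to any non-internal destination."""
    totals = defaultdict(int)
    for src, dst, _port, nbytes in parse_flows(text):
        if src in INTERNAL and dst not in INTERNAL:
            totals[src] += nbytes
    return dict(totals)


def flag_outliers(totals, factor=10, floor_bytes=1_000_000):
    """Return (host, bytes) pairs whose egress exceeds both factor * median
    and an absolute floor.

    The median across hosts is the baseline so one noisy host cannot drag
    the baseline up; the floor stops very small networks from alerting on
    ordinary browsing. Both values are assumed tuning knobs.
    """
    if not totals:
        return []
    baseline = median(totals.values())
    threshold = max(baseline * factor, floor_bytes)
    return sorted(
        (str(host), nbytes) for host, nbytes in totals.items() if nbytes > threshold
    )


if __name__ == "__main__":
    for host, nbytes in flag_outliers(egress_bytes_per_host(SAMPLE_FLOWS)):
        print(f"unusual egress: {host} sent {nbytes} bytes to external hosts")
```

On the constructed sample only 10.0.0.42 is reported; the other three hosts stay well under the floor. In practice the per-host totals would be computed over a sliding window and compared against that host's own history as well as its peers, but the peer-median comparison alone already catches a device that suddenly starts pushing traffic out of the network.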


Mayank Sharma

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.