A new botnet is launching attacks on millions of routers and IoT devices
Malware may have been released accidentally, suggest researchers
Cybersecurity researchers have shared insight into a new malware that employs over thirty exploits and can potentially tie millions of routers, modems, network-attached storage (NAS), and Internet of Things (IoT) devices into a botnet.
Discovered by AT&T’s Alien Labs, the new malware, dubbed BotenaGo, is written in the open source Go programming language, which has become popular with malware authors of late because it can be used to code payloads that are harder to detect and reverse engineer, according to BleepingComputer.
This is also evident in the case of BotenaGo, which is flagged by only six out of the 62 antivirus engines on VirusTotal, with some falsely identifying it as the Mirai botnet.
“Malware authors continue to create new techniques for writing malware and upgrading its capabilities. In this case, [BotenaGo] can run as a botnet on different OS platforms with small modifications,” writes Ofer Caspi, Security Researcher at Alien Labs.
Unusual botnet
According to the researchers, the malware creates a backdoor and waits to receive a target to attack, either from a remote operator or from another related module running on the same machine.
Surprisingly, BotenaGo does not appear to have any active communication to its command and control (C2) server, confounding the researchers as to its operation.
The researchers have several theories, one being that the malware is still under development, and was released in the wild accidentally. Another theory is that the malware could actually be part of a “malware suite” in which case there will be another module that does the communication with the C2 server.
In either case, the researchers suggest admins always keep an eye on outgoing network traffic to watch for unreasonable bandwidth usage.
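One way to act on that advice, as an added example that is not from the article or from Alien Labs: compare each device's current outbound volume with its own history and flag devices that send far more than usual or that have no baseline at all. The device names, byte counts and thresholds below are constructed assumptions.

```python
from statistics import median

# Constructed sample data: hourly egress bytes per device, e.g. taken from
# router interface counters or flow export. All names and values are made up.
HISTORY = {
    "router-lan": [52_000_000, 48_000_000, 50_000_000, 55_000_000,
                   47_000_000, 51_000_000, 49_000_000, 53_000_000],
    # One past backup spike; a median-based baseline is not skewed by it.
    "nas-01": [4_000_000, 3_500_000, 4_200_000, 3_900_000,
               250_000_000, 4_100_000, 3_800_000, 4_000_000],
    "ipcam-02": [900_000, 1_000_000, 950_000, 1_050_000,
                 980_000, 1_020_000, 990_000, 1_010_000],
}
CURRENT = {"router-lan": 58_000_000, "nas-01": 4_300_000,
           "ipcam-02": 640_000_000, "dvr-new": 2_000_000}


def baseline(samples):
    """Return (median, robust spread) of a device's past hourly egress."""
    med = median(samples)
    mad = median([abs(s - med) for s in samples])
    # 1.4826 scales MAD to a standard deviation for normal data; the 10%
    # floor stops very steady devices from alerting on trivial changes.
    return med, max(1.4826 * mad, 0.10 * med, 1.0)


def flag_egress_anomalies(history, current, k=6.0, min_samples=6):
    """Return [(device, reason)] for devices sending unusually much traffic.

    k and min_samples are illustrative defaults, not recommended values.
    """
    alerts = []
    for device, sent in sorted(current.items()):
        past = history.get(device, [])
        if len(past) < min_samples:
            # Unknown or new devices cannot be judged, so surface them.
            alerts.append((device, "no baseline"))
            continue
        med, spread = baseline(past)
        limit = med + k * spread
        if sent > limit:
            alerts.append((device, f"egress {sent} B/h exceeds limit {limit:.0f} B/h"))
    return alerts


if __name__ == "__main__":
    for device, reason in flag_egress_anomalies(HISTORY, CURRENT):
        print(f"{device}: {reason}")
```
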
With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.