This devious new malware targets your DVR
New BotenaGo malware variant only targets Lilin DVR devices
A new variant of the BotenaGo malware that exclusively targets DVR for security camera systems has been spotted in the wild by security researchers.
For those unfamiliar, BotenaGo is a relatively new malware written in Google’s open source Golang programming language. While it was originally used to target IoT devices in an effort to create botnets, BotenaGo’s source code was leaked online back in October of last year.
In the time since, cybercriminals have developed several new variants of the malware while also improving the original by adding new exploits to target millions of connected devices.
Now though, Nozomi Networks Labs has discovered a new variant that appears to be derived from the leaked source code. However, the sample analyzed by the firm’s security researchers exclusively targets Lilin security camera DVR devices, which is why it has been dubbed “Lillin scanner”.
Lillin BotenaGo variant
Another thing that sets Lillin scanner apart from the original BotenaGo malware is that the variant is currently undetected by every antivirus engine on VirusTotal.
According to a report from BleepingComputer, this could be because the malware variant’s authors have removed all of the exploits found in the original BotenaGo. Instead, they’ve written the malware to only focus on Lilin DVRs by exploiting a two-year-old critical remote code execution vulnerability. Casting a smaller net for potential targets makes sense in this case as there are still a significant number of unpatched Lilin DVR devices in the wild.
An additional key difference between BotenaGo and Lillin scanner is that the new malware variant leverages an external mass-scanning tool to create lists of the IP addresses of vulnerable devices. Nozomi’s researchers also highlight in their blog post on the matter that the cybercriminals behind Lillin scanner have specifically programmed it to avoid infecting IP addresses that belong to the US Department of Defense (DOD), the US Postal Service (USPS), General Electric, Hewlett Packard and other businesses.
Once a vulnerable device is infected by Lillin scanner, Mirai payloads are then downloaded and executed on it. Still though, this new BotenaGo variant isn’t such a massive threat as it only targets devices from a specific manufacturer.
Via BleepingComputer
After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.