A new botnet named BotenaGo has been seen in the wild targeting a number of IoT devices and routers. AT&T’s Alien Labs published a report about the recently discovered malware and stated that it can exploit up to 30 different vulnerabilities against its targets. BotenaGo is written in Golang, an open-source programming language designed by Google with networking in mind.
Researchers are not sure who is behind the exploit, but the malware-scanning tool, Shodan, showed that BotenaGo could be a modified version of a malware botnet called Mirai. Mirai was last used in 2016 to carry out DDoS attacks. Despite the malware scan, AT&T Alien Labs doesn’t believe that Mirai and BotenaGo are one and the same. The two malware families don’t have the same attack functions, but it’s possible that they were designed to work together.
BotenaGo is capable of creating botnets that function across a variety of device types, gaining access to networks and allowing hackers to carry out DDoS attacks. Additionally, the malware creates a backdoor and waits to receive a target to attack through port 19412 or from another related module running on the same machine. The botnet exploits devices with flaws related to the following CVEs:
Although BotenaGo is still in the beta phase and has been accidentally leaked, any botnet with this kind of potential is particularly concerning for the health care industry and other industries. Researchers are not sure how many devices BotenaGo has infected or how widespread the malware has become. Considering hospitals and other medical facilities run their daily operations using IoT devices, it’s always a good idea to be vigilant about addressing exploits like BotenaGo before they get a chance to infect systems and devices.
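The backdoor listener on port 19412 described above is something a defender can check for directly on a Linux-based device. The following is an added example, not code from this article or the AT&T report: it parses `/proc/net/tcp` for sockets in the LISTEN state on that port and maps the socket to its owning process. The function names and the sample table are constructed for illustration, and it assumes a little-endian host and IPv4 only (`/proc/net/tcp6` is not parsed).

```python
import glob
import os
import socket
import sys

BOTENAGO_PORT = 19412   # backdoor port named in the article
TCP_LISTEN = "0A"       # kernel state code for LISTEN in /proc/net/tcp

# Constructed sample in /proc/net/tcp format (not captured from a real host).
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 11111 1 0000000000000000 100 0 0 10 0
   1: 00000000:4BD4 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 22222 1 0000000000000000 100 0 0 10 0
   2: 0100007F:9C40 0100007F:4BD4 01 00000000:00000000 00:00000000 00000000  1000        0 33333 1 0000000000000000 20 4 30 10 -1
"""

def decode_ipv4(hex_addr):
    """Addresses are hex in host byte order; reversed on little-endian hosts."""
    return socket.inet_ntoa(bytes.fromhex(hex_addr)[::-1])

def find_listeners(proc_net_tcp_text, port=BOTENAGO_PORT):
    """Return [(ip, port, uid, inode)] for sockets LISTENing on `port`."""
    hits = []
    for line in proc_net_tcp_text.splitlines()[1:]:   # skip header row
        fields = line.split()
        if len(fields) < 10:
            continue
        addr_hex, port_hex = fields[1].split(":")
        if fields[3] == TCP_LISTEN and int(port_hex, 16) == port:
            hits.append((decode_ipv4(addr_hex), port, int(fields[7]), int(fields[9])))
    return hits

def pids_for_inode(inode, proc="/proc"):
    """Map a socket inode to owning PIDs via /proc/<pid>/fd (needs root)."""
    pids = set()
    for fd in glob.glob(f"{proc}/[0-9]*/fd/*"):
        try:
            if os.readlink(fd) == f"socket:[{inode}]":
                pids.add(int(fd.split("/")[-3]))
        except OSError:
            continue   # process exited or permission denied
    return sorted(pids)

if __name__ == "__main__":
    # Pass /proc/net/tcp to scan a live host; default is the sample above.
    path = sys.argv[1] if len(sys.argv) > 1 else None
    text = open(path).read() if path else SAMPLE_PROC_NET_TCP
    for ip, port, uid, inode in find_listeners(text):
        owners = pids_for_inode(inode) if path else "n/a (sample)"
        print(f"LISTEN {ip}:{port} uid={uid} inode={inode} pids={owners}")
```

A hit only shows that something is listening on the port; the owning PID's `/proc/<pid>/exe` still has to be examined to tell the backdoor from a legitimate service.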