BotenaGo Botnet: Actively Infecting IoT Devices, Its Goal is Unknown


A new large-scale attack against Internet-of-Things (IoT) devices has been identified by cybersecurity vendors. The attack appears to enslave devices in order to make them a part of the new BotenaGo Botnet. This threat is written in the Google Go language, and it has been rapidly gaining size over the past few weeks. Allegedly, the criminals behind the operation are going after millions of devices simultaneously, and they are constantly evolving their payloads in order to evade security measures. To protect IoT devices, users should use strong login credentials, and also make sure to apply the latest security patches and updates to their device's firmware.

Although some antivirus products identify the BotenaGo Botnet as the Mirai Botnet, there are not many similarities between the two projects – it is likely to be a false positive. While the BotenaGo Botnet might not be based on one of the most popular botnets in recent years, it is still very dangerous. Its creators are utilizing over 30 different exploits to attack routers, modems, network-attached storage (NAS) devices, and other systems.

BotenaGo Botnet Devices Have not been Weaponized Yet

The BotenaGo Botnet payload executes a set of commands, which might vary depending on the make and model of the victim's device. The end goal is to enslave the device, so that it will be available for the future operations of the botnet. However, it seems that the BotenaGo Botnet might not be fully operational yet – no connections to a remote control server have been found. The reason for this is not clear – researchers suspect that the malware might have been leaked accidentally, and its operators are still preparing to weaponize it fully.

All of your Internet-connected devices can be the target of hacking attempts, so you should never underestimate their security. Make sure to use secure login credentials, and always change the default login that the device uses. Furthermore, make sure to regularly check for pending updates, since these will take care of the known vulnerabilities that the BotenaGo Botnet and similar malware exploit.

By Ruik
November 12, 2021