HinataBot is a New Malware Threat Written in GoLang

A recently discovered botnet named HinataBot, written in Go (Golang), is taking advantage of known vulnerabilities in routers and servers to launch distributed denial-of-service (DDoS) attacks.

The creator of the malware appears to have named it after a character from the Naruto anime series. The botnet is distributed through various methods, including exploitation of security flaws in Huawei HG532 routers and Realtek SDK devices, and of exposed Hadoop YARN servers. Attackers are taking advantage of unpatched vulnerabilities and weak credentials, which are well-known and documented entry points that do not require complex social engineering tactics.

The attackers behind HinataBot have been active since at least December 2022, and they switched from a generic Mirai variant to their custom malware in January 2023. Recent artifacts detected in Akamai's HTTP and SSH honeypots indicate that HinataBot is still under active development and evolving. The malware can communicate with a command-and-control (C2) server to receive instructions and launch attacks against a specified IP address for a specific duration.

While early versions of HinataBot could use various protocols for DDoS attacks, the latest version only uses HTTP and UDP, and the reason for this change is not yet clear.

How Are Botnets Similar to HinataBot Used to Run DDoS Attacks?

Botnets like HinataBot are frequently used to launch DDoS attacks. In a DDoS attack, a large number of devices, often compromised computers or Internet of Things (IoT) devices, are used to flood a target with an overwhelming amount of traffic. This flood of traffic causes the targeted system to slow down, become unresponsive, or even crash.

A botnet is a network of devices that have been compromised and are under the control of a hacker or group of hackers. Once a device is compromised, it can be remotely controlled by the botnet's operators, without the owner's knowledge. These compromised devices are then used to launch DDoS attacks, with the botnet's operators directing the devices to send traffic to a target IP address or domain.

HinataBot, like other botnets, can be used to launch a variety of DDoS attacks, including volumetric attacks that flood the target with traffic, application-layer attacks that target specific vulnerabilities at that layer, and protocol attacks that exploit vulnerabilities in network protocols. The ability to launch these types of attacks makes botnets a powerful tool for cybercriminals seeking to disrupt or take down online services.

To keep devices from becoming part of a botnet, it's important to keep them up to date with the latest security patches, use strong passwords and two-factor authentication, and be cautious when downloading software or clicking on links from unknown sources. It's also essential to have a DDoS protection plan in place to mitigate the impact of an attack.

March 20, 2023