AT&T researchers found the BotenaGo malware botnet uses 33 exploits to attack millions of routers, modems, network-attached storage, and Internet of Things devices.
Once installed, the malware listens on two ports, waiting for an IP address to be sent to it, after which it exploits each vulnerability on that IP address to obtain access.
BotenaGo then executes remote shell commands to recruit the device into the botnet.
The researchers were unable to retrieve any payloads on the hosting server for analysis, nor could they find an active C2 communication between BotenaGo and an actor-controlled server.
The researchers believe BotenaGo is only one part of a multi-stage modular malware attack.
They note that a sample from its early development stage was leaked accidentally into the wild and that the malware is not yet operational.
Abstracts Copyright © 2021 SmithBucklin, Washington, DC, USA