GadgetBond

  • Latest
  • How-to
  • Tech
    • AI
    • Amazon
    • Apple
    • CES
    • Computing
    • Creators
    • Google
    • Meta
    • Microsoft
    • Mobile
    • Samsung
    • Security
    • Xbox
  • Transportation
    • Audi
    • BMW
    • Cadillac
    • E-Bike
    • Ferrari
    • Ford
    • Honda Prelude
    • Lamborghini
    • McLaren W1
    • Mercedes
    • Porsche
    • Rivian
    • Tesla
  • Culture
    • Apple TV
    • Disney
    • Gaming
    • Hulu
    • Marvel
    • HBO Max
    • Netflix
    • Paramount
    • SHOWTIME
    • Star Wars
    • Streaming
Add GadgetBond as a preferred source to see more of our stories on Google.
Font ResizerAa
GadgetBondGadgetBond
  • Latest
  • Tech
  • AI
  • Deals
  • How-to
  • Apps
  • Mobile
  • Gaming
  • Streaming
  • Transportation
Search
  • Latest
  • Deals
  • How-to
  • Tech
    • Amazon
    • Apple
    • CES
    • Computing
    • Creators
    • Google
    • Meta
    • Microsoft
    • Mobile
    • Samsung
    • Security
    • Xbox
  • AI
    • Anthropic
    • ChatGPT
    • ChatGPT Atlas
    • Gemini AI (formerly Bard)
    • Google DeepMind
    • Grok AI
    • Microsoft Copilot
    • OpenAI
    • Perplexity
    • xAI
  • Transportation
    • Audi
    • BMW
    • Cadillac
    • E-Bike
    • Ferrari
    • Ford
    • Honda Prelude
    • Lamborghini
    • McLaren W1
    • Mercedes
    • Porsche
    • Rivian
    • Tesla
  • Culture
    • Apple TV
    • Disney
    • Gaming
    • Hulu
    • Marvel
    • HBO Max
    • Netflix
    • Paramount
    • SHOWTIME
    • Star Wars
    • Streaming
Follow US
Tech

AT&T Alien Labs discovers new Golang malware (BotenaGo) with over 30 exploits that target millions of routers and IoT devices

By
Shubham Sawarkar
Shubham Sawarkar's avatar
ByShubham Sawarkar
Editor-in-Chief
I’m a tech enthusiast who loves exploring gadgets, trends, and innovations. With certifications in CISCO Routing & Switching and Windows Server Administration, I bring a sharp...
Follow:
- Editor-in-Chief
Nov 20, 2021, 7:43 PM EST
Share
We may get a commission from retail offers. Learn more
AT&T Alien Labs discovers new Golang malware (BotenaGo) with over 30 exploits that target millions of routers and IoT devices
SHARE

According to AT&T Alien Labs, malware written in the open-source programming language Golang could attack millions of routers and IoT devices.

BotenaGo is a malware that can attack a target with over 30 different exploit functionalities. It deploys a backdoor and waits for a target to be sent to it via port 19412 from a remote operator or from another related module running on the same machine. According to AT&T, the malware’s actor and the number of compromised devices are still unknown.

Golang, usually known as Go, is a Google-designed open-source programming language that was initially released in 2007 to make it easier for developers to create software. According to recent Intezer research, the Go programming language has risen in popularity among malware creators considerably in recent years. According to the site, there has been a 2000% boost in malware code written in Go that has been discovered in the wild.

The ease with which attackers may compile the same code for different platforms, making it easier for them to distribute malware across multiple operating systems, is one of the reasons for its increased popularity.

According to AT&T Alien Labs security researcher Ofer Caspi, BotenaGo currently has a low antivirus (AV) detection rate, with only 6/62 known AVs seen in VirusTotal.

Some anti-virus software recognizes these new malware types as Mirai malware because the payload connections are identical. However, there are differences between the Mirai malware and the new Go malware variants, including changes in programming languages and malware structures. Mirai is a botnet that communicates with its command and control (C&C). It also has several DDoS capabilities.

The malware strains uncovered by Alien Labs don’t have the same attack capabilities as Mirai malware, and they just hunt for weak systems to transmit the payload. Furthermore, Mirai employs an XOR table to store its strings and other data, as well as to decrypt them when necessary; this is not the case with the new Go malware. As a result, Alien Labs feels this danger is novel and has given it the moniker BotenaGo.

The BotenaGo malware begins by setting up global infection counters, which will be displayed on the screen and alert the hacker of the overall number of successful infections. It then looks in the dlrs folder for shell script files to load. The infection will stop and quit at this stage if the dlrs folder is missing.

The malware then launches a function that starts the malware attack surface by mapping all offensive functions to the relevant string that represents the targeted system. This is the final and most crucial preparation. Each function is associated with a string that represents a possible target system, such as a signature.

To deliver its exploit, the malware sends a simple GET request to the target. The delivered data from the GET request is then compared against each system signature that has been mapped to attack methods.

A search on Shodan yields around 250,000 devices that could be targeted by this function. The malware starts 33 exploit functions in total, all of which are ready to infect potential victims.

BotenaGo’s payload is remote shell commands that will be executed on devices where the vulnerability has been successfully exploited. The malware uses several links, each with a different payload, depending on the affected PC. Because the attackers had removed all of the payloads from the hosted servers at the time of analysis, Alien Labs was unable to evaluate any of them.

BotenaGo has no active connection with its C&C, which raises concerns about how it functions. Alien Labs has a few ideas on how the malware works and how it gets a target to attack.

Alien Labs advises companies to maintain their software up to date with security patches, limit internet access on Linux servers and IoT devices, and use a properly configured firewall. Network traffic, outbound port scans, and excessive bandwidth usage should all be monitored by users.

“Malware authors continue to create new techniques for writing malware and upgrading its capabilities,” said Caspi. “In this case, new malware writing in Golang – which Alien Labs has named BotenaGo – can run as a botnet on different OS platforms with small modifications.”


Discover more from GadgetBond

Subscribe to get the latest posts sent to your email.

Topic:AT&T
Leave a Comment

Leave a ReplyCancel reply

Most Popular

OpenAI rolls out ChatGPT for PowerPoint worldwide

How to watch the new Ghost in the Shell anime series

The Windows 11 taskbar is shrinking down and moving around

Xbox initiates massive restructuring: 1,600 roles cut

Beats launches heavy-duty ‘Power Pink’ cords starting at $19

Also Read
Sony IER-M500 in-ear monitors displayed in three color options—black, blue, and clear—featuring professional over-ear cable hooks, transparent housings that reveal the internal drivers, and a compact design built for stage monitoring and high-fidelity audio performance.

Sony launches the IER-M500: built for gigs, priced for everyone

Samsung Bespoke AI Washer Dryer in a modern laundry room with warm wood cabinetry and minimalist décor, featuring a black front-loading design seamlessly integrated into the home while showcasing its AI-powered smart laundry capabilities.

Samsung’s new Bespoke AI Washer Dryer targets high energy bills

Samsung Galaxy Unpacked teaser image announcing the July 22, 2026 event, featuring a minimalist invitation card with the tagline "A New Shape Unfolds" and a stylized blue foldable-inspired graphic, alongside text confirming the livestream on Samsung.com.

How to claim your $30 credit for Samsung’s next Galaxy phones

Promotional artwork for Batman: Caped Crusader showing Batman charging through a rain-soaked Gotham City with his cape billowing dramatically. The image includes the Prime Original and DC logos, along with text announcing the new season premiering on July 31 on Prime Video.

The pulpy, 1940s-style Gotham returns in Batman: Caped Crusader season 2

Ring Mobile Security Tower deployed in a shopping center parking lot at night, featuring a trailer-mounted surveillance unit with solar panels, a telescoping light pole, and integrated security cameras designed to provide temporary, autonomous monitoring for large outdoor areas.

Ring launches heavy-duty Mobile Security Tower and 4K Elite camera

Minimalist illustration of an AI voice assistant interface on a smartphone, featuring a glowing blue animated orb centered on a clean white screen against a soft blue gradient background, with menu and settings icons suggesting live voice conversation capabilities.

Meet GPT-Live, OpenAI’s smooth new conversational interface

Abstract illustration featuring soft blue gradient waves radiating inward toward the center, where a black play button inside a circular arrow with a sparkle icon symbolizes AI-powered video generation, editing, or media creation.

Google Photos debuts Video Remix for instant, stylized edits

Google's illustration for the Gemini API Managed Agents feature, featuring a black background with a colorful flowing gradient ribbon and the text "Managed Agents" alongside the subtitle "Background Execution, Remote MCP and more," representing AI agents that can perform tasks autonomously in the background and integrate with remote tools and services.

Google upgrades Gemini API to build more resilient AI agents

Company Info
  • Homepage
  • Support my work
  • Latest stories
  • Company updates
  • GDB Recommends
  • Daily newsletters
  • About us
  • Contact us
  • Write for us
  • Editorial guidelines
Legal
  • Privacy Policy
  • Cookies Policy
  • Terms & Conditions
  • DMCA
  • Disclaimer
  • Accessibility Policy
  • Security Policy
  • Do Not Sell or Share My Personal Information
Socials
Follow US

Disclosure: We love the products we feature and hope you’ll love them too. If you purchase through a link on our site, we may receive compensation at no additional cost to you. Read our ethics statement. Please note that pricing and availability are subject to change.

Copyright © 2026 GadgetBond. All Rights Reserved. Use of this site constitutes acceptance of our Terms of Use and Privacy Policy | Do Not Sell/Share My Personal Information.