This devious new malware targets your DVR

News
By published

New BotenaGo malware variant only targets Lilin DVR devices

Malware
(Image credit: solarseven / Shutterstock)

A new variant of the BotenaGo malware that exclusively targets DVR for security camera systems has been spotted in the wild by security researchers.

For those unfamiliar, BotenaGo is a relatively new malware written in Google’s open source Golang programming language. While it was originally used to target IoT devices in an effort to create botnets, BotenaGo’s source code was leaked online back in October of last year.

Share your thoughts on Cybersecurity and get a free copy of the Hacker's Manual 2022. end of this survey

Share your thoughts on Cybersecurity and get a free copy of the Hacker's Manual 2022. Help us find how businesses are preparing for the post-Covid world and the implications of these activities on their cybersecurity plans. Enter your email at the end of this survey to get the bookazine, worth $10.99/£10.99.

In the time since, cybercriminals have developed several new variants of the malware while also improving the original by adding new exploits to target millions of connected devices.

Now though, Nozomi Networks Labs has discovered a new variant that appears to be derived from the leaked source code. However, the sample analyzed by the firm’s security researchers exclusively targets Lilin security camera DVR devices which is why it has been dubbed “Lillin scanner”.

Lillin BotenaGo variant

Another thing that sets Lillin scanner apart from the original BotenaGo malware is that the variant is currently undetected by every antivirus engine on VirusTotal.

According to a report from BleepingComputer, this could be because the malware variant’s authors have removed all of the exploits found in the original BotenaGo. Instead, they’ve written the malware to only focus on Lilin DVRs by exploiting a two-year-old critical remote code execution vulnerability. Casting a smaller net for potential targets makes sense in this case as there are still a significant number of unpatched Lilin DVR devices in the wild.

> That Android antivirus could actually be malware

> Raspberry Pi can now detect malware without any software

> This Borat-themed malware is not funny in the slightest

An additional key difference between BotenaGo and Lillin scanner is that the new malware variant leverages an external mass-scanning tool to create lists of the IP addresses of vulnerable devices. Nozomi’s researchers also highlight the fact in their blog post on the matter that the cybercriminals behind Lillin scanner have specifically programmed it to avoid infecting IP addresses that belong to the US Department of Defense (DOD), the US Postal Service (USPS), General Electric, Hewlett Packard and other businesses.

Once a vulnerable device is infected by Lillin scanner, Mirai payloads are then downloaded and executed on it. Still though, this new BotenaGo variant isn’t such a massive threat as it only targets devices from a specific manufacturer.

Via BleepingComputer

TOPICS
Anthony Spadafora
Anthony Spadafora

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home. 

Read more
Insecure network with several red platforms connected through glowing data lines and a black hat hacker symbol
TP-Link and NR routers targeted by worrying new botnet
Insecure network with several red platforms connected through glowing data lines and a black hat hacker symbol
Dangerous new botnet targets webcams, routers across the world
Insecure network with several red platforms connected through glowing data lines and a black hat hacker symbol
Industrial routers are being hit by zero-days from new Mirai botnets
A display showing off the Google TV homepage, with icons for 1917, Scoob!, YouTube and Twitch (among others)
This dangerous malware botnet now covers 1.6 million Android TVs - find out if you're at risk
botnet
Another top security camera maker is seeing devices hijacked into botnet
Insecure network with several red platforms connected through glowing data lines and a black hat hacker symbol
Cisco, ASUS, QNAP, and Synology devices hijacked to major botnet
Latest in Security
Microsoft
"Another pair of eyes" - Microsoft launches all-new Security Copilot Agents to give security teams the upper hand
Lock on Laptop Screen
Medusa ransomware is able to disable anti-malware tools, so be on your guard
An abstract image of digital security.
Fake file converters are stealing info, pushing ransomware, FBI warns
Insecure network with several red platforms connected through glowing data lines and a black hat hacker symbol
Coinbase targeted after recent Github attacks
hacker.jpeg
Key trusted Microsoft platform exploited to enable malware, experts warn
IBM office logo
IBM to provide platform for flagship cyber skills programme for girls
Latest in News
Disney Plus logo with popcorn
You can finally tell Disney+ to stop bugging you about that terrible Marvel show you regret starting
Girl wearing Meta Quest 3 headset interacting with a jungle playset
Latest Meta Quest 3 software beta teases a major design overhaul and VR screen sharing – and I need these updates now
Philips Hue
Philips Hue might be working on a video doorbell, and according to a new report, we just got our first look at it
Microsoft
"Another pair of eyes" - Microsoft launches all-new Security Copilot Agents to give security teams the upper hand
Hatch Restore 3 in Putty
You can finally start your day with The Office theme song, and I couldn't be more excited
Cassian Andor looking nervously over his shoulder in Andor season 2
New Andor season 2 trailer has got Star Wars fans asking the same question – and it includes an ominous call back to Rogue One's official teaser
More about security
An abstract image of digital security.

Fake file converters are stealing info, pushing ransomware, FBI warns
Microsoft

"Another pair of eyes" - Microsoft launches all-new Security Copilot Agents to give security teams the upper hand
The iPhone 16 Pro Max and Samsung Galaxy S25 Ultra

5 things I want from the iPhone 17 – or I’m out and back to Android
See more latest
Most Popular
Philips Hue
Philips Hue might be working on a video doorbell, and according to a new report, we just got our first look at it
SDUNITED AX835-025FF mini PC
This mini PC with the incredible Strix Halo APU is yet another sign AMD may have given up on big brands for bleeding edge tech
Disney Plus logo with popcorn
You can finally tell Disney+ to stop bugging you about that terrible Marvel show you regret starting
Girl wearing Meta Quest 3 headset interacting with a jungle playset
Latest Meta Quest 3 software beta teases a major design overhaul and VR screen sharing – and I need these updates now
Hatch Restore 3 in Putty
You can finally start your day with The Office theme song, and I couldn't be more excited
Dell Pro Max with GB300
HP and Dell's latest Nvidia powered PCs are likely to be some of the most expensive workstations ever launched
Shape of Russia filled with Russian flag-colored internet codes on a black hacking background
A new wave of blocks in Russia targets VPN apps and Cloudflare subnets
An abstract image of digital security.
Fake file converters are stealing info, pushing ransomware, FBI warns
Microsoft
"Another pair of eyes" - Microsoft launches all-new Security Copilot Agents to give security teams the upper hand
Ncuti Gatwa as The Fifteenth Doctor in Doctor Who
Disney+ drops new trailer for Doctor Who season 2 that promises an epic adventure across time and space