This devious new malware targets your DVR

Date:
Wed, 20 Apr 2022 19:00:02 +0000

Description:
Cybercriminals have created a new variant of the BotenaGo malware that exclusively targets Lilin DVR devices for security cameras.

FULL STORY ======================================================================

A new variant of the BotenaGo malware that exclusively targets DVR for security camera systems has been spotted in the wild by security researchers.

For those unfamiliar, BotenaGo is a relatively new malware written in Googles open source Golang programming language. While it was originally used to target IoT devices in an effort to create botnets, BotenaGos source code was leaked online back in October of last year.

Share your thoughts on Cybersecurity and get a free copy of the Hacker's Manual 2022 . Help us find how businesses are preparing for the post-Covid world and the implications of these activities on their cybersecurity plans. Enter your email at the end of this survey to get the bookazine, worth $10.99/10.99.

In the time since, cybercriminals have developed several new variants of the malware while also improving the original by adding new exploits to target millions of connected devices.

Now though, Nozomi Networks Labs has discovered a new variant that appears to be derived from the leaked source code. However, the sample analyzed by the firms security researchers exclusively targets Lilin security camera DVR devices which is why it has been dubbed Lillin scanner. Lillin BotenaGo variant

Another thing that sets Lillin scanner apart from the original BotenaGo malware is that the variant is currently undetected by every antivirus engine on VirusTotal.

According to a report from BleepingComputer , this could be because the malware variants authors have removed all of the exploits found in the original BotenaGo. Instead, theyve written the malware to only focus on Lilin DVRs by exploiting a two-year-old critical remote code execution vulnerability. Casting a smaller net for potential targets makes sense in
this case as there are still a significant number of unpatched Lilin DVR devices in the wild.

That Android antivirus could actually be malware

Raspberry Pi can now detect malware without any software

This Borat-themed malware is not funny in the slightest

An additional key difference between BotenaGo and Lillin scanner is that the new malware variant leverages an external mass-scanning tool to create lists of the IP addresses of vulnerable devices. Nozomis researchers also highlight the fact in their blog post on the matter that the cybercriminals behind Lillin scanner have specifically programmed it to avoid infecting IP
addresses that belong to the US Department of Defense (DOD), the US Postal Service (USPS), General Electric, Hewlett Packard and other businesses.

Once a vulnerable device is infected by Lillin scanner, Mirai payloads are then downloaded and executed on it. Still though, this new BotenaGo variant isnt such a massive threat as it only targets devices from a specific manufacturer. Protect all of the devices on your network with one of the best firewalls

Via BleepingComputer



======================================================================
Link to news story: https://www.techradar.com/news/this-devious-new-malware-targets-your-dvr/


--- Mystic BBS v1.12 A47 (Linux/64)
* Origin: tqwNet Technology News (1337:1/100)