In information security, talk about botnets equals talk about malicious actions that materialize through criminal action. In essence, we think there is always a hostile attitude on the part of those who administer them. Please correct me colleagues, refute this if I'm wrong, but I think conceptually you agree with me.
BoteAR (developed in Argentina) adopts the concept of "social networks" although it seems, as yet, not fully materialized. It offers a conventional and manageable botnet via HTTP but uses the model of crimeware-as-a-service. Moreover, the author seems to adopt (maybe unknowingly) the business model of affiliate systems originating in Eastern Europe which are used to spread malware i.e. infect and get revenue for each node you infect.
So far nothing unusual, unfortunately we witness this kind of tactic every day. The striking thing about BoteAR though is that it tries to shield itself under a wrapper of security in an attempt to "fraternize" with its community.
"Botnet Security: Take control of remote machines and control user actions." This is the slogan of the malicious application but… come on! There is something I do not understand! Is this a security application that allows you to mitigate botnet attacks? Of course not! According to the author, it is used to steal information of users through a trojan. The image below refers to the BoteAR website and describes (in Spanish) some functionalities of the malicious app:
Let's inspect each of the assertions they make (highlighted by red boxes above) and demonstrate why their actions are malicious:
While for now this idea has not spread it will probably get many followers soon. But the BoteAR author does not hesitate to "whiten" your status because their data is public. Also, they attempt to be like "Pontius Pilate" and washing their hands from any responsibility for the “misuse” of the botnet. The question is can there ever be "good use" of it? Can a botnet have this characteristic?
But still, I think that the BoteAR author maybe has not yet considered all the legal ramifications and the real impact that these actions can lead to. So better prevent, or rather, warn, before they actually steal login credentials to online banking of someone in Argentina or another country where it is legally punishable for this action, or that a major corporate site is affected by a DDoS attack.
The following image is part of the code of the malicious agent. Clearly the text does not need much explanation: there are functions that allow interactions to materialize into phishing attacks. But keep in mind that in addition to phishing attacks, the malicious app was designed to, among other things, remotely control the computer through the browser and run exploits, including modules for 0-Day exploits.
Sharing the words of a friend, indeed, behind this type of effort, a factor of considerable importance is the real motivation of malware authors because ultimately and far beyond the actions of malware itself, we know that in many cases the way to reach people, whether to sell or steal, is trying to create less crime and be more social. But, equally it is cybercrime.