BleepingComputer reports that a stealthy new version of the BotenaGo botnet malware unidentified by VirusTotal antivirus engines has been attacking Lilin security camera DVR devices. Leaked BotenaGo source code may have been used for the novel variant, which has been discovered by Nozomi Networks Labs researchers to be leveraging a two-year-old critical remote code execution vulnerability to target Lilin DVRs. Researchers also discovered that threat actors could use the new BotenaGo variant to facilitate remote arbitrary code execution that could then result in Mirai payload downloads, with some of the payloads uploaded as recently as last month. The U.S. Department of Defense, U.S. Postal Service, Hewlett-Packard, and General Electric are some of the entities excluded by Mirai, according to researchers. Researchers also emphasized that despite the inclusion of second-stage Mirai botnet, the new BotenaGo malware variant, with its specific targets and manual propagation techniques, does not pose a massive threat to internet of things devices.