(I wasn't sure which product/service to select. I have Norton 360 Premium)
My Synology RT6600ax router has Threat Prevention. It has alerted me about a DNS lookup for btloader.com. "Commonly Abused Content Delivery Network Domain in DNS Lookup (btloader .com)". (I'm never quite sure if alert means it also blocked it or not. Hope it blocked it)
I also see my 2 Android devices giving this Alert: "Observed Abused Content Delivery Network Domain (btloader .com in TLS SNI)"
Is Btloader Windows malware? Does this mean some sort of malware associated with btloader is on my network? If so, why didn't Norton detect it on my Windows machine?
Or does Btloader also do stuff on Android?
Any suggestions for next steps?
... time passes ...
I'm not sure where the information below the post comes from about my Windows version, but I have Windows 11 Pro version 22H2 (OS Build 22621.1485).
And the Windows Security Secure Boot is turned on and has a green check by it.
The Samsung S10 devices have Knox and ATT protection. ATT ActiveArmor says my device has Root Access detection on. (not sure exactly what that is)
Hello. btloader . com is associated with "blockthrough application"; as such, I certainly would not trust it.
I would update your router firmware and reboot the router to check whether the issue persists or abates. Please let us know your status when that is accomplished so we may follow up.
https://www.synology.com/en-us/security/advisory/Synology_SA_22_25
If you are seeing Alert: "Observed Abused Content Delivery Network Domain (btloader .com in TLS SNI)" in your router logs, most likely they are informative only, since TLS SNI shows for the blocking of URL snooping issues. If you are also seeing alerts from Norton regarding the same, it means Norton is stopping the probes at its endpoint as detected.
A few things quickly stand out for me with your situation though. 1 - Your Norton product should be updated to the latest version 22.23.3.8. 2 - Check your router firmware; Synology Router Manager (SRM) should be updated per the following guidelines in the above linked article from Synology for your router. 3 - OS Build 22621.1485 is a Windows Insider Preview build. Although Norton does NOT guarantee its products to function properly with insider builds, I have found in the past that I have done so without issues. Each user's mileage will vary of course.
Related: https://www.bleepingcomputer.com/news/security/synology-fixes-maximum-severity-vulnerability-in-vpn-routers/
SA