Malware source code discovered on GitHub puts millions of IoT devices at risk
The nefarious minds behind a dangerous malware called BotenaGo uploaded its source code to GitHub on October 16th, 2021, according to new research by security researchers at AT&T Alien Labs. This could mean hackers around the world, who now have access to this source code, have the ability to create their own versions of the malware and adapt it to their own attack objectives.
There is concern that BotenaGo malware variants will begin to surface quickly and go largely undetected because, as it stands, antivirus (AV) vendor detection for BotenaGo and its variants remains behind, with very low detection coverage from most AV vendors – only 3 out of 60 can detect it.
Ofer Caspi, malware researcher at AT&T Alien Labs, stated they “expect to see new campaigns based on BotenaGo variants targeting routers and IoT devices globally.”
In November 2021, AT&T Alien Labs published research detailing the discovery of the BotenaGo malware, which had not been seen before. The malware is written in the open-source programming language Golang, contains a total of only 2,891 lines of code (including empty lines and comments) and has been described as “simple yet efficient”.
It contains key malware capabilities such as:
Reverse shell and telnet loader, which are used to create a backdoor to receive commands from its operator
Automatic setup of the malware’s 33 exploits, giving the hacker a “ready state” to attack a vulnerable target and infect it with an appropriate payload based on target type or operating system
The BotenaGo malware can exploit vulnerabilities in IoT devices such as routers, including those manufactured by Netgear, D-Link, Linksys and ZTE.
The post Malware source code discovered on GitHub puts millions of IoT devices at risk appeared first on IT Security Guru.