The source code for a dangerous malware strain carrying exploits for more than 30 vulnerabilities in various routers and IoT devices has just leaked on GitHub, putting millions of devices at risk. According to security experts, the release of the code on GitHub may increase attacks, since threat actors can simply reuse it in their own operations or build new malware strains on top of it.
Last November, AT&T Alien Labs discovered the BotenaGo malware. Written in Google's open-source Golang (Go) programming language, it allows attackers to execute remote shell commands on infected devices. BotenaGo contains more than 30 vulnerability exploits for D-Link, Netgear, Linksys, and Tenda devices.
Alien Labs' research shows that the malware receives targeting orders in two ways. In one, the malware opens two backdoor ports that listen for and receive the target's IP address; in the other, a listener is attached to the system's standard input and used to obtain target information.
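Because the first mechanism relies on the infected device opening new listening ports, a cheap host-side check is to compare a device's listening sockets against a known baseline. The following is an added example, not code from the article or from AT&T Alien Labs: it parses constructed `ss -tlnp`-style output for a hypothetical Linux-based router and reports any (port, process) pair that is not in an assumed allowlist. The sample output, the allowlist and the port numbers are all constructed for illustration.

```python
"""Flag unexpected listening TCP sockets from `ss -tlnp`-style output.

Added example (not from the article or from AT&T Alien Labs). The sample
socket listing below is constructed, and the allowlist describes an
assumed baseline for a hypothetical router; both would be replaced with
real values for a given device.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed `ss -tlnp` output for a hypothetical Linux-based router.
SAMPLE_SS_OUTPUT = """\
State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port  Process
LISTEN  0       128     0.0.0.0:22           0.0.0.0:*          users:(("dropbear",pid=412,fd=3))
LISTEN  0       128     127.0.0.1:53         0.0.0.0:*          users:(("dnsmasq",pid=388,fd=5))
LISTEN  0       128     0.0.0.0:80           0.0.0.0:*          users:(("uhttpd",pid=501,fd=4))
LISTEN  0       128     0.0.0.0:31412        0.0.0.0:*          users:(("httpd",pid=9731,fd=6))
LISTEN  0       128     [::]:22              [::]:*             users:(("dropbear",pid=412,fd=4))
"""

# Assumed baseline for this hypothetical device: (port, process name) pairs
# that are expected to be listening.
ALLOWLIST = {(22, "dropbear"), (53, "dnsmasq"), (80, "uhttpd")}


@dataclass(frozen=True)
class Listener:
    addr: str
    port: int
    process: str
    pid: int


# Matches one LISTEN row: local address and port, then the first process
# entry in the `users:((...))` column. IPv6 addresses such as [::] work
# because the address group backtracks to the last ':' before the port.
LINE_RE = re.compile(
    r"^LISTEN\s+\d+\s+\d+\s+(?P<addr>\S+):(?P<port>\d+)\s+\S+\s+"
    r'users:\(\("(?P<proc>[^"]+)",pid=(?P<pid>\d+)'
)


def parse_listeners(text: str) -> list[Listener]:
    """Parse `ss -tlnp` output into Listener records; non-matching lines
    (the header, non-LISTEN states, rows without process info) are skipped."""
    listeners = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            listeners.append(
                Listener(m["addr"], int(m["port"]), m["proc"], int(m["pid"]))
            )
    return listeners


def find_unexpected(listeners: list[Listener], allowlist=ALLOWLIST) -> list[Listener]:
    """Return listeners whose (port, process) pair is not in the baseline.

    Checking the pair rather than the port alone catches both a new port
    opened by a binary with a plausible name and a known port taken over
    by an unknown binary.
    """
    return [l for l in listeners if (l.port, l.process) not in allowlist]


def report(text: str = SAMPLE_SS_OUTPUT) -> list[str]:
    """One human-readable line per unexpected listener, for logging or alerting."""
    return [
        f"unexpected listener {l.process}(pid={l.pid}) on {l.addr}:{l.port}"
        for l in find_unexpected(parse_listeners(text))
    ]


if __name__ == "__main__":
    for line in report():
        print(line)
```

On a real device the input would come from `ss -tlnp` (or `netstat -tlnp` on older BusyBox images, which needs a different regex), and the allowlist should be recorded from a known-clean firmware image rather than from a device that may already be compromised.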
Researchers found that, despite the malware's ability to receive orders remotely, it had no command and control (C&C) infrastructure. That appears to have changed: according to an Alien Labs report, one new BotenaGo variant is designed to use a command and control server.
BotenaGo's payload URLs were reported to be identical to those used by Mirai botnet operators, leading researchers to believe that Mirai threat actors are using BotenaGo to target known vulnerable devices. Despite its small size (just 2,981 lines of code), the newly found malware packs a punch, containing more than 30 exploits for router and IoT device vulnerabilities.
Among them are, but not limited to:
- CVE-2020-9377 – D-Link DIR-610
- CVE-2018-10561, CVE-2018-10562 – GPON home routers
- CVE-2020-10987 – Tenda AC15 AC1900 version 15.03.05.19
- CVE-2020-9054 – Multiple ZyXEL network-attached storage (NAS) devices running firmware version 5.2
- CVE-2017-6077, CVE-2017-6334 – NETGEAR DGN2200 devices with firmware through 10.0.0.50
Last but not least, the malware's detection rate is low: at the time of discovery, only three of 60 antivirus engines reportedly detected fresh BotenaGo samples.