Millions of IoT Devices And Routers Open to Malware Code Released on GitHub

The source code for a deadly malware strain that includes exploits for over 30 vulnerabilities in various routers and IoT devices has just leaked on GitHub, putting millions of devices at risk. According to security experts, the release of the code on GitHub might lead to more attacks, since threat actors could simply use it in their attack operations or build new malware strains based on it.

Last November, AT&T Alien Labs discovered the BotenaGo malware. Written in Google’s open-source Golang (Go) programming language, it lets attackers execute remote shell commands on infected devices. BotenaGo contains more than 30 vulnerability exploits for D-Link, Netgear, Linksys, and Tenda.

The Alien Labs research reveals that the malware receives orders for targeting victims in two ways. In one, the malware sets up two backdoor ports on which it listens for and receives the target’s IP address; in the other, it attaches a listener to the system I/O input and uses it to obtain target information.

Researchers discovered that, despite its ability to receive orders remotely, the malware lacks a command and control (C&C) infrastructure. That appears to have changed: according to an Alien Labs report, one new BotenaGo variant is meant to use a command and control server.

BotenaGo’s payload URLs were said to be identical to those used by Mirai botnet malware operators, leading researchers to think Mirai threat actors are using BotenaGo to target known, susceptible devices. Despite its relatively small size (just 2,981 lines of code), the newly found malware packs a punch, as it contains more than 30 router and IoT device vulnerability exploits.

These include, but are not limited to:

Last but not least, the malware’s detection rate is low; just three out of 60 antivirus engines were apparently able to detect fresh BotenaGo samples at the time of discovery.

About the author

CIM Team
