The nefarious minds behind a dangerous malware called BotenaGo uploaded its source code to GitHub on October 16th 2021, according to new research by AT&T Alien Labs. Hackers around the world now have access to that source code and could create their own versions of the malware, adapting it to their own attack objectives.
There is concern that BotenaGo malware ‘variants’ will begin to surface quickly and go largely undetected because, as it stands, antivirus (AV) vendor detection for BotenaGo and its variants lags behind, with very low detection coverage from most AV vendors: only 3 out of 60 can currently detect it.
Ofer Caspi, malware researcher at AT&T Alien Labs, stated they “expect to see new campaigns based on BotenaGo variants targeting routers and IoT devices globally.”
In November 2021, AT&T Alien Labs™ published research detailing the discovery of the BotenaGo malware, which had not been seen before. The malware is written in the open-source programming language Golang, contains a total of only 2,891 lines of code (including empty lines and comments) and has been described as “simple yet efficient”.
It contains key malware capabilities such as:
- Reverse shell and telnet loader, which are used to create a backdoor to receive commands from its operator
- Automatic setup of the malware’s 33 exploits, giving the hacker a “ready state” to attack a vulnerable target and infect it with an appropriate payload based on target type or operating system
The BotenaGo malware can exploit vulnerabilities in IoT devices such as routers, including those manufactured by Netgear, D-Link, Linksys and ZTE.