The source code of a dangerous malware sample targeting millions of routers and Internet of Things (IoT) devices has been uploaded to GitHub. Criminals can now quickly spin up new variants of the tool, or use it as is, in their own attacks.
BotenaGo malware was first spotted by researchers at AT&T Alien Labs last November. Written in Go, a programming language that has become quite popular among malware authors, the malware includes exploits for more than 30 different vulnerabilities in products from multiple vendors.
The malware is designed to execute remote shell commands on systems where it has successfully exploited a vulnerability. It resembles the Mirai botnet that closed off internet access for much of the US East Coast in 2016.
Researchers at Alien Labs found that while the malware is designed to receive commands from a remote server, it does not have any active command-and-control communication. This led the security vendor to surmise at the time that BotenaGo was part of a broader malware suite and likely one of multiple tools in an infection chain. The security vendor also found that BotenaGo’s payload links were similar to the ones used by the operators of the infamous Mirai botnet malware. This led Alien Labs to theorize that BotenaGo was a new tool that the operators of Mirai are using to target specific machines that are known to them.
Making the malware publicly available through GitHub could result in a significant increase in BotenaGo variants as other malware authors adapt the source code for their own purposes and attack campaigns, according to a recent Alien Labs blog post cited by darkreading.com.