Security researchers have identified that the source code of BotenaGo has been leaked to GitHub, which now poses a threat to millions of IoT devices and routers.

What’s the threat?

Researchers from AT&T labs disclosed that BotenaGo’s samples were uploaded to the GitHub repository on October 16, 2021, almost one month before this malware was publicly revealed.
  • BotenaGo comprises 2,891 lines of code, including empty lines and comments, written in Golang.
  • This small codebase is capable of exploiting a total of 33 vulnerabilities (including CVE-2020-10987 in Tenda and CVE-2020-10173 in Comtrend devices) for initial access.
  • Moreover, the code includes a reverse shell and a telnet loader, the essentials for creating a backdoor that receives commands from the C2 server.
  • Attackers may readily leverage this source code to target exposed devices, infecting them with a payload of their choosing.

More discoveries

  • Researchers found a new variant of BotenaGo, with a new C2 server and very low anti-virus detection (3 out of 60 engines on VirusTotal).
  • Experts also discovered several hacking tools, from several sources, in the same GitHub repository.
  • These new samples were used to exploit IoT devices and routers, infecting them with Mirai malware.

Recalling the Mirai leak

Researchers suspect that the leak of BotenaGo’s source code could have an impact similar to that of the leak of Mirai’s source code. The leak of Mirai’s code in October 2016 resulted in a flood of new malware variants, such as Satori, Moobot, and Masuta.

Ending notes

The leak of such ready-to-use BotenaGo source code could result in a further explosion of new malware variants, putting millions of routers and IoT devices across the globe at risk of infection.
Cyware Publisher