Millions of Routers and IoT Devices Vulnerable to Malware Code Uploaded to GitHub
The source code of a dangerous strain of malware that bundles more than 30 exploits for various routers and IoT devices has recently surfaced on GitHub, placing millions of devices at risk.
Security experts say that releasing the code on GitHub could lead to an increase in cyberattacks, as threat actors could easily reuse it in their own attack campaigns or create new malware strains based on it.
AT&T Alien Labs first spotted the malware, called BotenaGo, last November. The malware, written in Google’s Golang (Go) open-source programming language, can help attackers execute remote shell commands on compromised systems.
BotenaGo hosts more than 30 vulnerability exploits for vendors such as D-Link, Netgear, Linksys and Tenda. The malware receives commands for targeting victims in two different ways, an Alien Labs analysis shows.
In one scenario, the malware opens two backdoor ports and listens on them to receive the target's IP address; in the other, it reads from the system's standard input and uses that channel to receive target information.
Upon discovery, researchers pointed out that, although the malware can receive commands remotely, it lacks a command and control (C&C) infrastructure. However, things seem to have changed, as one new BotenaGo variant is designed to use a C&C server, according to an Alien Labs report.
Reportedly, BotenaGo’s payload links were similar to those used by Mirai botnet malware operators, which led researchers to believe that Mirai threat actors use BotenaGo to target known, vulnerable devices.
Despite its small footprint (only 2,981 lines of code), the newly discovered malware packs a serious punch, considering that it hosts more than 30 vulnerability exploits for router and IoT devices. These include, but are not limited to:
- CVE-2020-10987: Tenda AC15 AC1900, firmware version 15.03.05.19
- CVE-2020-9054: multiple ZyXEL network-attached storage (NAS) devices running firmware version 5.2
- CVE-2020-9377: D-Link DIR-610
- CVE-2017-6077 and CVE-2017-6334: NETGEAR DGN2200 devices with firmware through 10.0.0.50
- CVE-2018-10561 and CVE-2018-10562: GPON home routers
Last but not least, the malware also has a low detection rate: at the time of discovery, only three of 60 antivirus engines were reportedly able to detect new BotenaGo samples.