Cybersecurity researchers at AT&T Alien Labs have announced the identification of a new family of malware that attacks routers and Connected Objects (IoT). They named it BotenaGo. They point out that it potentially affects millions of devices. To achieve this, it exploits nearly 30 different vulnerabilities.
AT&T Alien Labs researchers note that BotenaGo has similarities to the Mirai botnet and is recognized as such by antivirals. However, they explained that the malware payload was written in Go, an increasingly popular programming language that makes it difficult to detect. In VirusTotal, BotenaGo was detected by only 6 out of 62 antiviruses.
“Malware developers continue to develop new scripting techniques and enhance the capabilities of the malware,” said Ofer Caspi, security researcher at Alien Labs. “In the case of BotenaGo, it can be managed as a base and used on different operating systems with simple processing.”
Another notable fact, code analysis revealed that the hackers have a counter, which allows them to see how many devices are infected in real time. Once contaminated, devices can be used to compromise a network or infect new devices.
Malware is still inactive
Although millions of devices can be compromised, researchers have found that the malware does not currently connect to any controlled server. The researchers suggest two possibilities to explain this lack of activity. The first is that this is just a beta version that accidentally ended up on the Internet. The second possibility the researchers considered, BotenaGo could be just one unit of a larger group of malware and would be used to target specific devices.
Regardless of the true origin of the malware, researchers recommend updating all connected objects, in order to reduce the number of vulnerabilities that hackers can use. Finally, Connected Object Network administrators are advised to stay on top of any unusual bandwidth usage.
