GitHub Becomes Host for BotenaGo Botnet Code Leak, Millions of Devices at Risk

Source code for the BotenaGo botnet has leaked on Microsoft’s GitHub open source repository. According to security experts, the leak puts millions of IoT (Internet of Things) devices and routers at risk. BotenaGo is a recently discovered malware written in Google’s Golang programming language.

A team at AT&T Alien Labs disclosed the issue last week and describes the malware as hard to detect. First discovered in November 2021, the botnet has been the base of several previous attacks. However, with the source code for the malware now available, more campaigns are likely.

Indeed, leaking the source code onto GitHub “can potentially lead to a significant rise of new malware variants as malware authors will be able to use the source code and adapt it to their objectives,” Alien Labs security researcher Ofer Caspi explains. “Alien Labs expects to see new campaigns based on BotenaGo variants targeting routers and IoT devices globally.”

Caspi points out that anti-virus software is still not doing a fantastic job of detecting the malware. Even the first samples of the BotenaGo malware from last year are managing to find a way past AV software. Once on a system, the botnet delivers the common Mirai malware and is also expanding to other malware payloads.

Leak

One of the most interesting aspects of the situation is that the source code leak happened before the discovery of the malware in wider circles. Alien Labs says the leak has been available since Oct. 16, around a month before it first “discovered” the botnet.

A threat actor now has easy access to the source code of the botnet and can modify it to make the malware stronger, more efficient, or more dangerous. It is worth noting the same GitHub repository also has other hacking tools.

Alien Labs says the BotenaGo malware has little code but is still efficient. It delivers its attacks in just 2,891 lines of code, which includes any comments and empty lines. Back in November, the research team said the botnet could exploit 33 vulnerabilities.

“Today, BotenaGo variants serve as a standalone exploit kit and as a spreading tool for other malware,” Caspi says. “Now with its source code available to any malicious hacker, new malicious activity can be added easily to the malware. Alien Labs sees the potential for a significant increase in these malware variants, giving rise to potentially new malware families that could put millions of routers and IoT devices at risk of attack.”

Source: Winbuzzer

Juliana Luwoye
