BotenaGo Source Code Leak Exposes More IoT Devices
The authors of the BotenaGo malware that left millions of IoT devices exposed back in November have published its source code on GitHub, making it easily accessible to any malicious hacker or malware developer.
AT&T Alien Labs researchers, who made the discovery, expect it could spur new cybercriminal campaigns that leave more routers and IoT devices at risk.
The backdoor gives attackers access to 33 exploits capable of forcing entry into various network routers and firewalls. It can be used as a stand-alone exploit kit or as a launching pad for other malware attacks.
With the leak, hackers can download and tweak the source code to launch modified IoT incursions or choose to leave the code unchanged to quickly mount criminal campaigns. AT&T says “with only 2,891 lines of code, BotenaGo has the potential to be the starting point for many new variants and new malware families using its source code.”
Most antivirus products fail to identify BotenaGo, making it difficult to remove from compromised machines. Early signs suggest the GitHub release will make BotenaGo even harder to detect: AT&T Alien Labs found that just three of 60 antivirus tools correctly flagged the malware's presence, down from 6 of 62 in the initial scare last year.
The news is cause for concern, Alien Labs said, given that leaked source code led to a spike in botnet attacks from the Mirai malware in 2016. With the source code available on GitHub, cybercriminals have easy access to information not only on the botnet itself but also on its infrastructure, along with step-by-step walkthroughs on implementation.