A GitHub repository exposed the source code of BotenaGo malware

February 21, 2022

Researchers recently discovered that the source code of the BotenaGo malware has been leaked to GitHub. The identity of whoever published it has yet to be confirmed. Now that the code is available on a public platform, however, researchers can study how the malware operates against millions of routers and IoT devices.

BotenaGo’s samples uploaded on GitHub were discovered in October last year. Interestingly enough, the leaked samples came before its operators publicly revealed the malware.

After analysing the malware sample, the researchers found that it consists of nearly 3,000 lines of Golang code, including empty lines and comments.

Moreover, the malware can exploit 33 critical vulnerabilities to gain initial access. Researchers also noted that the critical flaws in Tenda devices (CVE-2020-10987) and Comtrend devices (CVE-2020-10173) are among the exploits BotenaGo carries.

In addition, the code includes a telnet loader and a reverse shell, which are the components needed to build a backdoor that receives instructions from the command-and-control server. Threat actors can adapt this source code to target exposed and vulnerable devices and infect them with whatever payload they choose.


The researchers’ knowledge about BotenaGo malware increased dramatically after the leak on GitHub happened.


A new strain of BotenaGo malware was also found after studying the leaked source code on GitHub. According to the analysis, BotenaGo’s new variant comes with a new command-and-control server and improved evasion of AV solutions.

The experts also found multiple cybercrime tools from several sources in the same GitHub repository.

The researchers connected the new variant to past incidents in which BotenaGo’s operators used it to compromise IoT devices and routers. Furthermore, BotenaGo infected these devices with the Mirai malware.

The leak of BotenaGo’s ready-to-use source code on GitHub may lead to the development of new malware variants. As a result, millions of IoT devices and routers worldwide will be at risk of infection, and millions of users might suffer.
