Cybersecurity researchers from AT&T Alien Labs announced that they have identified a new family of malware that attacks routers and connected objects (IoT). They called it BotenaGo. They indicate that it has the potential to affect millions of devices. To achieve this, it exploits about 30 different vulnerabilities.
Researchers at AT&T Alien Labs indicate that BotenaGo resembles the Mirai botnet and is identified as such by antivirus software. However, they point out that the malware's payload was written in Go, an increasingly popular programming language, making it harder to detect. On the VirusTotal service, BotenaGo was detected by only 6 out of 62 antiviruses.
“Malware developers continue to develop new technologies to write and enhance the capabilities of malware,” said Ofer Caspi, security researcher at Alien Labs. “In the case of BotenaGo, it can be managed as a base and used on different operating systems with minor manipulations.”
Another notable fact: code analysis revealed that the hackers had a counter, which allowed them to know the number of infected devices in real time. Once compromised, devices can be used to compromise networks or infect new devices.
Malware still inactive
While it has the potential to compromise millions of devices, researchers have found that the malware is not currently communicating with any of the controlling servers. The researchers suggest two possibilities to explain this lack of activity. The first is that this is just a beta that accidentally ended up on the internet. The second possibility considered by the researchers is that BotenaGo could be just a module of a larger group of malware and would be used to target specific devices.
Whatever the actual origin of the malware, the researchers recommend updating all connected objects to reduce the number of vulnerabilities that hackers can exploit. Finally, administrators of connected-object networks are advised to be on the lookout for any unusual use of bandwidth.