AT&T cybersecurity researchers have discovered malware that puts millions of routers, NAS devices, and IoT devices at risk. The malware gives attackers 33 different exploits to choose from, creates a backdoor, and then waits to receive a target to attack, either from a remote operator or from another module running on the same machine.
Written in the Go language
According to the security researchers, the newly discovered malware is written in the Go language, whose use in malware has grown by 2,000% in recent years. The malware attacks through port 19412. For now, only 28 of 61 malware scanners on VirusTotal detect it, so the detection rate is still very poor.
The cybercriminal group behind the malware is currently unknown, and some scanners classify it as a variant of the Mirai malware. The researchers also report that the malware is part of a suite, with BotenaGo being only one infection module used in an attack.
AT&T cybersecurity researchers said,
"In addition, Mirai uses an “XOR table” to hold its strings and other data, as well as to decrypt them when needed — this is not the case for the new malware using Go. For this reason, Alien Labs believes this threat is new, and we have named it BotenaGo."
They added that the malware may be a Mirai successor, with the operators targeting known IPs already infected with Mirai. The researchers recommend that affected users install the latest security updates and keep the internet exposure of Linux servers and IoT devices to a minimum. It is also important to configure the firewall properly, monitor network traffic and outbound port scans, and check for any unusual bandwidth usage.
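As an added illustration of the monitoring advice above (not code from the article or from AT&T Alien Labs), the script below runs two checks over a few constructed Zeek-style connection records: it flags any connection involving TCP port 19412, the port the article associates with the malware, and it flags internal hosts contacting many distinct destinations on one port, a simple outbound-scan heuristic. The record format, the 10.0.0.0/8 internal prefix and the threshold of 8 hosts are assumptions.

```python
"""Flag two network indicators named in the article: traffic on TCP/19412
and outbound port-scan behaviour. Input is constructed, Zeek-style
conn.log text (tab-separated: ts, src, sport, dst, dport, proto)."""
from collections import defaultdict

BOTENAGO_PORT = 19412          # port cited in the article
SCAN_THRESHOLD = 8             # distinct hosts per (src, dport); assumed value

# Constructed sample records, not captured traffic.
SAMPLE_LOG = """\
1636000001.1\t10.0.0.5\t51000\t203.0.113.9\t443\ttcp
1636000002.2\t198.51.100.7\t40211\t10.0.0.12\t19412\ttcp
1636000003.3\t10.0.0.12\t33001\t203.0.113.20\t80\ttcp
""" + "\n".join(
    f"163600001{i}.0\t10.0.0.12\t3300{i}\t203.0.113.{30 + i}\t8080\ttcp"
    for i in range(10)
)

def parse(log):
    """Yield one dict per non-empty record."""
    for line in log.splitlines():
        if not line.strip():
            continue
        ts, src, sport, dst, dport, proto = line.split("\t")
        yield {"ts": float(ts), "src": src, "sport": int(sport),
               "dst": dst, "dport": int(dport), "proto": proto}

def find_port_hits(records, port=BOTENAGO_PORT):
    """Return (src, dst) pairs where either endpoint uses the watched port."""
    return [(r["src"], r["dst"]) for r in records
            if port in (r["sport"], r["dport"])]

def find_outbound_scans(records, threshold=SCAN_THRESHOLD):
    """Return {(src, dport): host_count} for internal sources that reached
    at least `threshold` distinct destinations on a single port."""
    seen = defaultdict(set)
    for r in records:
        if r["src"].startswith("10."):      # assumed internal address space
            seen[(r["src"], r["dport"])].add(r["dst"])
    return {k: len(v) for k, v in seen.items() if len(v) >= threshold}

def analyse(log=SAMPLE_LOG):
    """Run both checks and return their findings together."""
    records = list(parse(log))
    return {"port_hits": find_port_hits(records),
            "scans": find_outbound_scans(records)}

if __name__ == "__main__":
    print(analyse())
```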