AT&T has revealed malware that could affect millions of routers and Internet of Things devices.
The company’s Alien Labs threat intelligence unit nicknamed the malware BotenaGo because it’s written in Go, a programming language that Google designed specifically for networking. It is also capable of creating botnets that work on a variety of device types.
AT&T Alien Labs claims that BotenaGo can exploit up to 30 different vulnerabilities against its targets. The company used Shodan, a search engine used to find devices connected to the Internet, to determine that millions of devices could be affected by at least some of the malware’s functions.
Unfortunately, the number of antivirus solutions capable of defending against the malware, at least at the time of writing, is much lower. AT&T Alien Labs claims that only six of the 62 vendors used by the VirusTotal malware analysis platform identified BotenaGo as malware when it was discovered.
Several of the vendors that flagged BotenaGo as malware identified it as Mirai, a well-known malware that is used to create botnets so that its operators can carry out distributed denial of service attacks. But AT&T Alien Labs says it thinks the assessment is incorrect.
“The new strains of malware discovered by Alien Labs do not have the same attack functions as Mirai malware,” it says, “and the new strains only look for vulnerable systems to distribute their payload.” But it also says it’s possible that BotenaGo and Mirai were designed to work together.
“It is not yet clear which threat actor is behind the malware,” says AT&T Alien Labs. It also notes that millions of devices showing up in Shodan research doesn’t necessarily mean BotenaGo has infected multiple devices; at the moment, it does not know how widespread the malware is.