AT&T has revealed malware that could affect millions of routers and Internet of Things devices.
The company’s Alien Labs threat intelligence unit dubbed the malware BotenaGo because it’s written in Go, a programming language that Google designed specifically with networking in mind. It’s also capable of creating botnets that function across a variety of device types.
AT&T Alien Labs says BotenaGo can exploit up to 30 different vulnerabilities against its targets. The company used Shodan, a search engine for internet-connected devices, to determine that millions of devices could be affected by at least some of the malware’s functions.
Unfortunately, the number of antivirus solutions that can defend against the malware—at least at time of writing—is much lower. AT&T Alien Labs says that just six of the 62 vendors used by the malware-scanning VirusTotal platform identified BotenaGo as malware when it was discovered.
Several of the vendors that did flag BotenaGo identified it as Mirai, a well-known piece of malicious software that is used to create botnets so its operators can conduct distributed denial-of-service attacks. But AT&T Alien Labs says it believes that assessment is incorrect.
“The new malware strains Alien Labs has discovered do not have the same attack functions as Mirai malware,” it says, “and the new strains only look for vulnerable systems to spread its payload.” But it also says it’s possible that BotenaGo and Mirai are designed to work together.
“It is yet unclear which threat actor is behind the malware,” AT&T Alien Labs says. It also notes that millions of devices appearing in the Shodan search doesn’t necessarily mean that BotenaGo has infected many devices; right now it doesn’t know how widespread the malware is.