There is a nasty malware out there targeting Wi-Fi routers.
The AT&T researchers who discovered this malware call it BotenaGo, and it is distinctly different from the Mirai botnet malware that has been attacking routers since 2016. BotenaGo exploits 33 known vulnerabilities in 12 different router brands, including D-Link, Linksys, Netgear, Tenda, Totolink, Zyxel, and ZTE. The full list is posted on the AT&T Cybersecurity blog post.
To avoid infection, update your router to the latest firmware. Newer routers, including many high-end gaming and mesh routers, do this automatically, but you want to check the router's management interface to make sure the feature is turned on.
For inexpensive routers, we recommend going into the management interface anyway and checking for updates. Some routers allow you to initiate updates manually from within the admin panel. While you're there, make sure your router is closed to management access from outside your local network, and make sure your router's admin password is long, strong, and unique.
And if you have a router older than five years, you may need to manually download a firmware update from the manufacturer's website to your PC or Mac, then transfer the update package from your computer to your router by following the manufacturer's instructions. A separate guide covers how to update your router's firmware in more detail.
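The three checks above (firmware current, remote management closed, admin password long and unique) can be written down as a small audit. The following is an added example and not code from the article or from any router vendor: it reads a settings snapshot that an administrator would copy out of the management interface by hand, and the field names, version numbers and the short list of default passwords are all constructed for the example.

```python
import re

# Constructed sample of a router's settings as an admin might read them off
# the management interface; the field names are this example's own, not any
# vendor's API.
SAMPLE_SETTINGS = {
    "firmware_version": "1.0.3",
    "latest_firmware_version": "1.0.7",
    "auto_update_enabled": False,
    "remote_management_enabled": True,
    "admin_password": "admin1234",
}

# A few factory defaults and trivial choices; a real check would use a
# much larger list (constructed for the example).
COMMON_PASSWORDS = {"admin", "password", "admin1234", "1234", "12345678"}


def parse_version(version):
    """Turn '1.0.7' into (1, 0, 7) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in re.findall(r"\d+", version))


def password_is_strong(password, min_length=12):
    """Long, not a well-known default, and drawn from at least three character classes."""
    if len(password) < min_length or password.lower() in COMMON_PASSWORDS:
        return False
    classes = [
        any(c.islower() for c in password),
        any(c.isupper() for c in password),
        any(c.isdigit() for c in password),
        any(not c.isalnum() for c in password),
    ]
    return sum(classes) >= 3


def audit_router(settings):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    current = parse_version(settings["firmware_version"])
    latest = parse_version(settings["latest_firmware_version"])
    if current < latest:
        findings.append(
            f"firmware {settings['firmware_version']} is older than "
            f"{settings['latest_firmware_version']}: update it"
        )
    if not settings["auto_update_enabled"]:
        findings.append("automatic firmware updates are off: turn them on or check manually")
    if settings["remote_management_enabled"]:
        findings.append("management interface is reachable from the WAN: disable remote management")
    if not password_is_strong(settings["admin_password"]):
        findings.append("admin password is short, common, or low-variety: choose a long unique one")
    return findings


if __name__ == "__main__":
    for finding in audit_router(SAMPLE_SETTINGS):
        print("-", finding)
```

Versions are compared as tuples of integers rather than as strings so that 1.0.10 correctly ranks above 1.0.7; a plain string comparison would get that wrong.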
The BotenaGo malware exploits one or more of the 33 known vulnerabilities mentioned above to infiltrate routers. Since these flaws were discovered between one and eight years ago, it is likely that most or all of them have since been patched in firmware updates.
Once BotenaGo gets into the router, it sets up a backdoor on the router using two different, obscure ports and waits for instructions from a command-and-control server. However, when AT&T researchers attempted to examine these servers, there was no trace of the "payload" to be delivered.
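A backdoor that listens on unusual ports and phones home to a command-and-control server leaves two traces an administrator can look for on a router that offers a shell: listeners on ports the router has no business serving, and established connections from the router itself to addresses outside the local network. The following added example (not code from the article or from AT&T) runs both checks over a constructed netstat-style listing; the port numbers and addresses in it are made up for the example and are not BotenaGo's.

```python
import ipaddress
import re

# Constructed netstat-style output as a small Linux-based router might print
# it; every address and port here is invented for the example.
SAMPLE_NETSTAT = """\
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:53              0.0.0.0:*               LISTEN
tcp        0      0 192.168.1.1:22          0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:19412           0.0.0.0:*               LISTEN
tcp        0      0 192.168.1.1:49152       0.0.0.0:*               LISTEN
tcp        0      0 198.51.100.7:39714      203.0.113.45:30371      ESTABLISHED
tcp        0      0 192.168.1.1:80          192.168.1.23:51120      ESTABLISHED
udp        0      0 0.0.0.0:53              0.0.0.0:*
"""

# Services this particular router is expected to offer (constructed allow-list);
# anything else accepting connections is worth a closer look.
EXPECTED_LISTENERS = {22, 53, 80, 443}

# Address ranges that belong to the LAN side, loopback or link-local; a peer
# outside these is "external" for the purpose of this check.
LOCAL_NETS = [
    ipaddress.ip_network(n)
    for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
              "127.0.0.0/8", "169.254.0.0/16")
]

LINE_RE = re.compile(
    r"^(?P<proto>tcp6?|udp6?)\s+\d+\s+\d+\s+(?P<laddr>\S+):(?P<lport>\d+)\s+"
    r"(?P<raddr>\S+):(?P<rport>\S+)(?:\s+(?P<state>\S+))?"
)


def parse_netstat(text):
    """Yield one dict per socket line; the header and blank lines are skipped."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield m.groupdict()


def unexpected_listeners(text):
    """Sorted TCP ports in LISTEN state, or bound UDP ports, not on the allow-list."""
    found = set()
    for sock in parse_netstat(text):
        is_udp = sock["proto"].startswith("udp")
        listening = sock["state"] == "LISTEN" or (is_udp and sock["state"] is None)
        if listening and int(sock["lport"]) not in EXPECTED_LISTENERS:
            found.add(int(sock["lport"]))
    return sorted(found)


def external_connections(text):
    """(remote address, remote port) for established sessions to non-local peers."""
    peers = []
    for sock in parse_netstat(text):
        if sock["state"] != "ESTABLISHED":
            continue
        try:
            remote = ipaddress.ip_address(sock["raddr"])
        except ValueError:
            continue  # IPv6 with scope id or a hostname: skip rather than guess
        if not any(remote in net for net in LOCAL_NETS):
            peers.append((sock["raddr"], int(sock["rport"])))
    return peers


if __name__ == "__main__":
    print("unexpected listeners:", unexpected_listeners(SAMPLE_NETSTAT))
    print("external connections:", external_connections(SAMPLE_NETSTAT))
```

The allow-list is deliberately explicit: a router's legitimate set of services is short and stable, so anything outside it is cheaper to triage than trying to enumerate what malware might choose. The same logic applies to flow logs from an upstream firewall when the router itself offers no shell.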
Typical router malware payloads include additional malware that "drafts" routers into botnets like Mirai and uses them for mass attacks against websites, and code that uses routers to send spam e-mail. (If the infected router is connected to a telephone company's DSL line, it can also send spam e-mail.) In many cases, infected routers spread the malware to other routers.
AT&T researchers see three possibilities for BotenaGo: it is just one step in a multi-step attack, it is a new tool used by the operators of the Mirai botnet, or it is still in development and was released early by accident.
It is not clear who is behind the BotenaGo malware, but it is clear that it can be avoided fairly easily as long as the router's firmware is kept up to date.