Security researchers have discovered a piece of ‘vigilante’ malware that infects routers and other connected devices, but instead of harming them, improves their security.
‘Linux.Wifatch’ was first observed in 2014 by a research who discovered his router was carrying out actions beyond the remit of the legitimate software and upon closer inspection, he found the device had connected to a peer-to-peer network of other compromised routers.
Symantec says routers have become attractive targets for attackers because it is difficult for most users to detect such threats and because these access points are useful for DDoS Attacks. It has monitored Wifatch for some time and has been able to document its peculiar behaviour.
“Wifatch’s code does not ship any payloads used for malicious activities, such as carrying out DDoS attacks, in fact all the hardcoded routines seem to have been implemented in order to harden compromised devices. We’ve been monitoring Wifatch’s peer-to-peer network for a number of months and have yet to observe any malicious actions being carried out through it.”
Ballano said the malware made no attempt to conceal itself and even left messages for users, urging them to change their passwords and update their firmware. Symantec estimates ‘tens of thousands’ of devices are affected and warns that despite Wifatch’s seemingly philanthropic intentions, it should be treated with caution.
“It should be made clear that Linux.Wifatch is a piece of code that infects a device without user consent and in that regard is the same as any other piece of malware,” Ballano continued. “It should also be pointed out that Wifatch contains a number of general-purpose back doors that can be used by the author to carry out potentially malicious actions. However, cryptographic signatures are verified upon the use of the back doors to verify that commands are indeed coming from the malware creator. This would reduce the risk of the peer-to-peer network being taken over by others.”
There is one simple fix however. Resetting your device will rid it of Wifatch, although that’s not to say it might rear its head in the future.
Router attacks have previously been used to launch major DDoS assaults, including some conducted by Lizard Squad, and to insert porn and adverts into web pages.
Are you a security pro? Try our quiz!
Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…
Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…
Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…
Welcome to Silicon In Focus Podcast: Tech in 2025! Join Steven Webb, UK Chief Technology…
European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…
San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…