ZuoRAT, the malware that hijacked thousands of routers: yes, in Spain too

The routers in our homes are essential for the whole family: thanks to them we can connect and enjoy everything the Internet has to offer. They are designed to be secure, but they are bound to have some security holes. Manufacturers patch them frequently, but some cybercriminals still manage to attack them. In fact, a wide variety of routers have been under attack for quite some time by highly advanced malware. We tell you more.

This malware could have been circulating for some time, and during all that time it was infecting a large number of routers in both the US and Europe (including Spain). It is really dangerous because it is capable of taking control of connected devices running all types of operating systems, such as Windows, Linux, or even macOS.

Very dangerous malware

The malware, called ZuoRAT, is designed to affect home and small office routers, and is capable of enumerating all connected devices and collecting the DNS lookups and the traffic they send and receive. In other words, it can install whatever it wants on our computer without our knowing of its presence at any time.

Its operation involves at least four different pieces of malware. The first of these is ZuoRAT itself: once installed on our router, it hijacks DNS and HTTP to make devices connected to the router download one of the three other pieces of malware, which are designed to be able to control virtually any device.

Researchers from Black Lotus Labs point out that while this type of malware is in itself nothing new, it has been a long time since such an advanced one has been seen attacking home or small office networks:

While compromising home or small office routers as a gateway to nearby LAN access is not a new technology, it has rarely been reported. Similarly, reports of Man-in-the-Middle attacks such as DNS and HTTP hijacking are much rarer and a sign of a complex and targeted process. The use of these two technologies showed a high level of sophistication, which indicates that this campaign may have been carried out by a state-sponsored organization.

It’s complicated for a reason

The behaviour and structure of this new malware are very complex, and for a very straightforward reason: to hide what is going on. We have to keep in mind that routers are generally overlooked when it comes to this type of malware, since when it comes to security we always care about the equipment we connect to them.

The good side is that, like all other malware that infects routers, it is not difficult to remove. To date, no such malware can survive a restart. If we reboot an infected machine, the initial ZuoRAT exploit will be removed, as its files are stored in a temporary directory that disappears upon restart. It must be added that a simple restart will not be enough for a full recovery, since it will be necessary to restore the device to its factory settings.
