Skip to main content

Threat actors are using advanced malware to backdoor business-grade routers

posted onMarch 7, 2023
by l33tdawg
Arstechnica
Credit: Arstechnica

Researchers have uncovered advanced malware that’s turning business-grade routers into attacker-controlled listening posts that can sniff email and steal files in an ongoing campaign hitting North and South America and Europe.

Besides passively capturing IMAP, SMTP, and POP email, the malware also backdoors routers with a remote-access Trojan that allows the attackers to download files and run commands of their choice. The backdoor also enables attackers to funnel data from other servers through the router, turning the device into a covert proxy for concealing the true origin of malicious activity.

“This type of agent demonstrates that anyone with a router who uses the Internet can potentially be a target—and they can be used as proxy for another campaign—even if the entity that owns the router does not view themselves as an intelligence target,” researchers from security firm Lumen’s Black Lotus Labs wrote. “We suspect that threat actors are going to continue to utilize multiple compromised assets in conjunction with one another to avoid detection.”

Source

Tags

Industry News

You May Also Like

Recent News

Tuesday, November 19th

Friday, November 8th

Friday, November 1st

Tuesday, July 9th

Wednesday, July 3rd

Friday, June 28th

Thursday, June 27th

Thursday, June 13th

Wednesday, June 12th

Tuesday, June 11th