There are many types of threats on the network. Not all of them have the same objective, since we can find some who seek to steal information, others damage the proper functioning of the systems and sometimes even control the equipment connected to a network. In this article we report on a new malware that uses the Wi-Fi BSSID to identify and geolocate victims.
They use the Wi-Fi BSSID to geolocate victims
There is no doubt that wireless networks are very present today. We have more and more connected devices, with better resources. We can say that cable connections have moved into second place. However, this option also carries more risks, as we know.
Hackers use different methods to collect widely varied information and data from victims. They can, for example, obtain the access credentials to enter the accounts. Also information to impersonate. Now, in this case we are facing a threat that what it achieves is to geolocate the victims through the Wi-Fi BSSID.
Use the Wi-Fi MAC address to locate infected hosts. Attackers seeking to know the location of the victims they infect generally rely on a simple technique in which they take the victim’s IP address and compare it to an IP database.
This technique is not very precise, although it is a method that allows determining the real physical location of a user based on their data. However, a security researcher, Xavier Mertens, has discovered a new strain of malware that uses a second technique in addition to the first one we mentioned.
What this second technique does is obtain the BSSID of the infected user . It is basically the physical MAC address of the router or access point to which the victim connects. What the malware does is collect the BSSID and then verify it against a free database. This is a collection of known BSSIDs and the last geographic location where they were detected.
Very common databases
Keep in mind that these databases are very common today. Many mobile applications use them to have an alternative option of tracking users when they cannot directly access the location on the mobile.
The malware , through that database, offers information about where that Wi-Fi access point is. A more precise way of knowing the geographical location of the victim. If we ask ourselves why they want to know the location, it should be mentioned that some malware campaigns are only aimed at users from a certain territory, for example.
Ultimately, this new threat can make it possible to know more precisely where a victim is at any given time. As we always say, it is important to protect our computers and networks and thus prevent possible attacks that may affect our privacy and security. We leave you an article where we talk about Wi-Fi security against mobile data.
