ZuoRAT, the malware that has hijacked thousands of routers

The routers in our homes are key pieces of equipment for every member of the household, since they are what connects us to everything the Internet offers. They are designed to be secure, but it is inevitable that they will have some security holes. Manufacturers patch them regularly, yet some cybercriminals still manage to keep attacking them. In fact, a wide range of routers has long been under attack by highly advanced malware. Here is what we know.

This malware has been in circulation for some time, and during that period it has infected a considerable number of routers both in the United States and in Europe (including Spain). It is particularly dangerous because it is capable of taking control of the devices connected behind the router, whatever operating system they run: Windows, Linux or even macOS.


A very dangerous malware

The malware, named ZuoRAT, is designed to target home and small office routers, and is capable of enumerating every device connected to the router and collecting the DNS lookups and network traffic those devices send and receive. In other words, from that vantage point the attacker can push whatever they want onto our computers without our ever noticing their presence.

Its operation involves at least four different pieces of malware. The first is ZuoRAT itself: once installed on the router, it hijacks DNS and HTTP so that the devices connected to the router are made to download one of the other three malware components, each tailored to gain control of virtually any machine on the network.
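The attack chain described above is visible from inside the LAN: a device that asks the router's resolver for a hostname and gets back an address that no trustworthy resolver would return, or that requests a web page and is redirected to download an executable from a host it never asked for, is seeing the hijack in action. The following is an added example, not code from the original article or from the Black Lotus Labs report, of how a practitioner might check for both symptoms. It parses raw DNS responses (wire format, including name compression) and raw HTTP response headers; the domain names, IP addresses and packets are constructed sample data, and the function names are this example's own assumptions.

```python
import ipaddress
import socket
import struct
from urllib.parse import urlparse


def encode_name(name):
    """Encode a hostname as DNS wire-format labels."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_response(txid, qname, answers):
    """Fabricate a minimal DNS A-record response. Used here only to construct
    sample traffic; a real check would capture the router's actual reply."""
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, len(answers), 0, 0)
    question = encode_name(qname) + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN
    body = b""
    for ip in answers:
        # 0xC00C is a compression pointer back to the question name at offset 12
        body += b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + socket.inet_aton(ip)
    return header + question + body


def read_name(msg, offset):
    """Read a possibly-compressed name; return (name, offset after the name)."""
    labels, jumped, end = [], False, offset
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:  # compression pointer
            pointer = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            if not jumped:
                end = offset + 2
            jumped, offset = True, pointer
            continue
        if length == 0:
            offset += 1
            break
        labels.append(msg[offset + 1:offset + 1 + length].decode("ascii"))
        offset += 1 + length
    if not jumped:
        end = offset
    return ".".join(labels), end


def parse_a_records(msg):
    """Return {name: set_of_ipv4} for the A records in a DNS response."""
    _, _, qdcount, ancount, _, _ = struct.unpack("!HHHHHH", msg[:12])
    offset = 12
    for _ in range(qdcount):
        _, offset = read_name(msg, offset)
        offset += 4  # skip QTYPE and QCLASS
    records = {}
    for _ in range(ancount):
        name, offset = read_name(msg, offset)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[offset:offset + 10])
        offset += 10
        rdata = msg[offset:offset + rdlen]
        offset += rdlen
        if rtype == 1 and rclass == 1 and rdlen == 4:
            records.setdefault(name, set()).add(socket.inet_ntoa(rdata))
    return records


def find_dns_hijacks(router_msg, reference_msg):
    """Compare the router resolver's answers with a reference resolver's.
    Returns {name: [suspicious ips]}. An address absent from the reference
    answer is suspicious; a public name resolving to a private/loopback address
    (e.g. the router itself) is a strong indicator and is always flagged."""
    router, reference = parse_a_records(router_msg), parse_a_records(reference_msg)
    hijacked = {}
    for name, ips in router.items():
        suspicious = {ip for ip in ips if ip not in reference.get(name, set())
                      or not ipaddress.ip_address(ip).is_global}
        if suspicious:
            hijacked[name] = sorted(suspicious)
    return hijacked


def flag_http_hijack(request_host, raw_response):
    """Flag a 3xx response that redirects to an executable on a different host."""
    head = raw_response.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")
    status = int(lines[0].split()[1])
    headers = {}
    for line in lines[1:]:
        key, _, value = line.partition(":")
        headers[key.strip().lower()] = value.strip()
    target = urlparse(headers.get("location", ""))
    if (300 <= status < 400 and target.hostname
            and target.hostname.lower() != request_host.lower()
            and target.path.lower().endswith((".exe", ".msi", ".sh", ".bin", ".elf"))):
        return f"redirect to {headers['location']}"
    return None
```

Because content delivery networks legitimately return different addresses to different resolvers, a plain mismatch should be treated as something to review rather than proof of compromise; the private-address case is the one that almost never has an innocent explanation for a public hostname. The HTTP check only sees plaintext traffic, which is exactly what a router-level attacker can tamper with.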

Researchers from Black Lotus Labs point out that while this kind of malware is nothing new, it has been a long time since anything this sophisticated was seen attacking home or small office networks:

While compromising home or small office routers as a gateway to gaining access to a nearby LAN is not a new technique, it has been rarely reported. Similarly, reports of Man-in-the-Middle attacks such as DNS and HTTP hijacking are even rarer and a mark of a complex and targeted operation. The use of these two techniques demonstrated a high level of sophistication, indicating that this campaign was possibly carried out by a state-sponsored organization.


It’s complex for a reason

The reason the behaviour and structure of this new malware are so complex is very clear: to hide what is happening. We must bear in mind that routers are generally overlooked when it comes to this kind of malware, since security attention always goes to the equipment connected behind them rather than to the router itself.

The good news is that the initial ZuoRAT component is not hard to dislodge: its files are stored in a temporary directory, so rebooting an infected router wipes that first stage. This should not be read as a general rule that router malware never survives a reboot; it is a property of this particular implant. It should also be added that a simple reboot is not enough for a complete recovery: the device should be restored to factory settings, and its firmware should be updated before it goes back online, since a router running the same unpatched version can simply be compromised again.