There Might Be A ZuoRAT In Your SOHO Router, Infecting Your Machines
It’s Probably Time To Start Scheduled Reboots For Your Routers
Today brings the revelation that yet another sophisticated attack against SOHO routers has been infecting hardware for well over a year. The complexity of ZuoRAT, the fact that three of the four components were written from scratch, and the fact that it has been found on over 80 different models of routers all suggest it has the backing of an entity with a lot of resources. The trojan runs on the MIPS architecture, which is why it can infect so many different types of routers, but that also brings good news. This type of trojan will not survive a router reboot, so you might want to figure out a way to bounce yours regularly.
It is communicating back to its control servers via a number of proxies, including ones in Taiwan and Canada, which makes it hard to determine where those servers are located, though researchers are still hoping for a breakthrough. The infection, once it moves into your router, will enumerate the devices on your network and hijack DNS and HTTP requests to redirect your browser to malicious sites masquerading as the sites you intended to visit. From there the attackers can infect the machines on your network, and sadly those infections will survive a reboot.
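As an added example (not code from the original post or from the ZuoRAT research), this is the kind of check a defender can run to catch the DNS hijacking described above: resolve the same well-known names through the router and through an independent resolver reached over a different path, then flag names whose answers only the router produced. The resolver answers below are constructed sample data so the check runs offline.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# RFC 1918 ranges: a public hostname resolving into one of these via the LAN
# resolver is a strong sign the router itself is answering for that name.
LAN_NETS = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample A-record answers for the same names, as returned by the
# LAN resolver (the router) and by an independent reference resolver.
ROUTER_ANSWERS = {
    "bank.example.com": {"203.0.113.10"},             # rewritten to another host
    "login.example.com": {"192.168.1.1"},             # pointed at the router itself
    "mail.example.net": {"198.51.100.7"},             # untouched
    "cdn.example.org": {"192.0.2.40", "192.0.2.41"},  # subset of a rotating pool
}
REFERENCE_ANSWERS = {
    "bank.example.com": {"198.51.100.5"},
    "login.example.com": {"203.0.113.77"},
    "mail.example.net": {"198.51.100.7"},
    "cdn.example.org": {"192.0.2.40", "192.0.2.41", "192.0.2.42"},
}

@dataclass(frozen=True)
class Divergence:
    name: str
    router: frozenset
    reference: frozenset
    reason: str

def _in_lan(addrs):
    return any(ip_address(a) in net for a in addrs for net in LAN_NETS)

def classify(name, router, reference):
    """Divergence when the router's answer is not vouched for by the reference, else None."""
    router, reference = set(router), set(reference)
    if router <= reference:
        return None  # every address the router gave was also seen independently
    if _in_lan(router) and not _in_lan(reference):
        reason = "public name resolved to a LAN address"
    elif router.isdisjoint(reference):
        reason = "no overlap with reference answers"
    else:
        reason = "extra addresses not seen by the reference resolver"
    return Divergence(name, frozenset(router), frozenset(reference), reason)

def find_divergent(router_answers, reference_answers):
    # Names are sorted so the report order is stable from run to run.
    findings = []
    for name in sorted(router_answers):
        d = classify(name, router_answers[name], reference_answers.get(name, ()))
        if d is not None:
            findings.append(d)
    return findings
```

Rotating CDN and GeoDNS answers legitimately differ between resolvers, which is why a router answer that is a subset of the reference answers is not flagged; treat the remaining findings as leads to confirm, not proof of an implant.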
You can learn more about what has been discovered about ZuoRAT over at Ars Technica, though maybe reboot that router, just in case.
An unusually advanced hacking group has spent almost two years infecting a wide range of routers in North America and Europe with malware that takes full control of connected devices running Windows, macOS, and Linux, researchers reported on Tuesday.
More Tech News From Around The Web
- HPE ProLiant RL300 Gen11 Ampere Altra Max Arm Servers Launched @ ServeTheHome
- Arm says its Cortex-X3 CPU smokes this Intel laptop silicon @ The Register
- TSMC May Surpass Intel In Quarterly Revenue For First Time @ Slashdot
- TSMC To Customers: It’s Time To Stop Using Older Nodes and Move to 28nm @ Slashdot
- AMD targeted by RansomHouse, attackers claim to have ‘450Gb’ in stolen data @ The Register
- Gmail’s New Look Is About To Become Opt-Out Instead of Opt-In @ Slashdot
- Valve are “more than doubling” weekly Steam Deck shipments @ Rock, Paper, SHOTGUN
- Windows 10’s 22H2 update might not actually do much of anything @ Ars Technica