Newly Netgear Router Exploit Allow Anyone to Hack you Remotely!

Newly Discovered Netgear Router Exploit Allow Hackers to Hack into your Network Easily through that Hackers will be able to Inject into your DNS to Point it to something else, like Phishing Pages to Steal your Credit Cards or Targeted informations this Exploit has Normally Affect All Netgear users around the world.

Now within few days, a security researcher has discovered a serious vulnerability in Netgear routers that has been publicly exploited by hackers.
The Security flaw allowed hackers or Stealers to change the Domain Name System (DNS) settings of victims’ routers to the targeted operations.
A security researcher, named Joe Giron, gave the details of his experience to BBC, saying that he noticed some anonymous activities in his machine and on investigating he learned that:

How Does Linux.Wifatch Work?

Once a device is infected, the Linux.Wifatch malware connects to a peer-to-peer network that is being used to distribute threat updates.
Linux.Wifatch’s code does not deploy any payload for malicious activities, such as to carry out DDoS attacks, rather it detects and remediates the known families of malicious codes present on the compromised devices.
After Installation, whenever ‘Linux.Wifatch‘ detects any malicious activity or malware on the vulnerable device; it asks the device owners to:
  • Change their default password,
  • Close potentially vulnerable Telnet port immediately
However, the malware does not appear to be used for malicious purposes yet, but researchers have found that the malware contains a number of backdoors that can be used by its developer to carry out malicious tasks remotely.
Linux.Wifatch, written in the Perl programming language, was first discovered in November last year by an independent malware researcher, who calls himself “Loot Myself.”
The researcher shared complete details of the malware in a two-part series on his blog with the same name – “Loot Myself: Malware Analysis and Botnet tracking.”
In 2014, the researcher sensed unwanted activities in his home router and for which he could not find the location as well.
This curiosity made him explore more, and while digging deeper he decoded the roots of the malware- THE SOURCE CODE, written in Perl.
After going through the source code, the researcher points out that the code is not obfuscated; it just uses compression and minification of the source code.
Further, the researcher mentions about an unusual activity:
“To any NSA and FBI agents reading this: please consider whether defending the U.S. Constitution against all enemies, foreign or domestic, requires you to follow Snowden’s example.” he says in the blog post.

How to Secure Your Wireless Router?

Though the risk associated with Linux.Wifatch is low, the security researchers at Symantec are keeping an eye on its activities.
They say with such a “Malware-for-Good,” it apparently creates a ‘Benefit of the Doubt‘ as the author’s intentions are unknown.

The case hasn’t closed yet, as Symantec says, “It pays to be suspicious.


Essential Security Measures

Symantec had previously issued measures to get rid of this Malware. Here below you can read a few important recommendation in short:
  • Use a Firewall to block all incoming connections
  • Enforce a password policy
  • Make sure to offer the lowest level of privileges to programs
  • Disable AutoPlay
  • Turn off file sharing if not needed

How to Remove ‘Linux.Wifatch’ Malware?

If you have also detected such activity on your home routers, you can get rid of the risk associated with it by:
  • Resetting your device; as it will remove the Linux.Wifatch malware
  • Keeping your device’s software and firmware up to date
  • Changing any default passwords that may be in use
  • Resetting your passwords routinely

More Ways to Protect your Network 

Further, you can protect your Wireless network by following few measures, that assure your security, like:
  • Turning on your wireless router’s encryption setting
  • Turn the Firewall On
  • Change Default Passwords
  • Change the default “SSID” (service set identifier) of your devic
  • Turn Network Name Broadcasting Off
  • Use the MAC Address Filter

Source: BBC

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button