Has anyone ever heard about a "Vigilante-style Hacker," who hacks every possible system to make them more Secure?

No. It's not funny, neither a movie story:

Reportedly, someone is hacking thousands unprotected Wi-Fi routers everywhere and apparently forcing owners to make them more Secure.

Security firm Symantec has discovered a new malware, dubbed "Linux.Wifatch" a.k.a "Ifwatch," infected more than 10,000 vulnerable 'Internet of Things' devices, and spreading quickly.

However, Linux.Wifatch not only removes malicious backdoor but also encourages users to update their weak passwords.

How Does Linux.Wifatch Work?

Once a device is infected, the Linux.Wifatch malware connects to a peer-to-peer network that is being used to distribute threat updates.

Linux.Wifatch's code does not deploy any payload for malicious activities, such as to carry out DDoS attacks, rather it detects and remediates the known families of malicious codes present on the compromised devices.

After Installation, whenever 'Linux.Wifatch' detects any malicious activity or malware on the vulnerable device; it asks the device owners to:
  • Change their default password,
  • Close potentially vulnerable Telnet port immediately
However, the malware does not appear to be used for malicious purposes yet, but researchers have found that the malware contains a number of backdoors that can be used by its developer to carry out malicious tasks remotely.

Linux.Wifatch, written in the Perl programming language, was first discovered in November last year by an independent malware researcher, who calls himself "Loot Myself."

The researcher shared complete details of the malware in a two-part series on his blog with the same name - "Loot Myself: Malware Analysis and Botnet tracking."

In 2014, the researcher sensed unwanted activities in his home router and for which he could not find the location as well.

This curiosity made him explore more, and while digging deeper he decoded the roots of the malware- THE SOURCE CODE, written in Perl.

After going through the source code, the researcher points out that the code is not obfuscated; it just uses compression and minification of the source code.

Further, the researcher mentions about an unusual activity:
"To any NSA and FBI agents reading this: please consider whether defending the U.S. Constitution against all enemies, foreign or domestic, requires you to follow Snowden's example." he says in the blog post.

How to Secure Your Wireless Router?

Though the risk associated with Linux.Wifatch is low, the security researchers at Symantec are keeping an eye on its activities.

They say with such a "Malware-for-Good," it apparently creates a 'Benefit of the Doubt' as the author's intentions are unknown.

The case hasn't closed yet, as Symantec says, "It pays to be suspicious."

Essential Security Measures

Symantec had previously issued measures to get rid of this Malware. Here below you can read a few important recommendation in short:
  • Use a Firewall to block all incoming connections
  • Enforce a password policy
  • Make sure to offer the lowest level of privileges to programs
  • Disable AutoPlay
  • Turn off file sharing if not needed

How to Remove 'Linux.Wifatch' Malware?

If you have also detected such activity on your home routers, you can get rid of the risk associated with it by:
  • Resetting your device; as it will remove the Linux.Wifatch malware
  • Keeping your device's software and firmware up to date
  • Changing any default passwords that may be in use
  • Resetting your passwords routinely

More Ways to Protect your Network

Further, you can protect your Wireless network by following few measures, that assure your security, like:
  • Turning on your wireless router's encryption setting
  • Turn the Firewall On
  • Change Default Passwords
  • Change the default "SSID" (service set identifier) of your devic
  • Turn Network Name Broadcasting Off
  • Use the MAC Address Filter

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.