Skip to main content

Oh great, new malware lets hackers hijack your Wi-Fi router

As if you didn’t already have enough to worry about, a new report finds hackers are targeting home Wi-Fi routers to gain access to all your connected devices.

The report comes from Black Lotus Lab, a security division of Lumen Technologies. The report details several observed real-world attacks on small home/home office (SOHO) routers since 2020 when millions of people began working from home at the start of the COVID 19 pandemic.

a faceless hacker in a black hoodie in front of a computer screen with lines of code on it
DigitalTrends.com

According to Black Lotus Lab, the attackers use Remote Access Trojans (RATs) to hijack a home’s router. The trojans use a new malware strain called zuoRAT to gain access and then deploy inside the router. Once deployed, the RATs allow attackers to upload and download files to all the connected devices on the home or office network.

Recommended Videos

“The rapid shift to remote work in spring of 2020 presented a fresh opportunity for threat actors to subvert traditional defense-in-depth protections by targeting the weakest points of the new network perimeter — small office/home office (SOHO) routers.” Lumen Technologies said in a blog post. “Actors can leverage SOHO router access to maintain a low-detection presence on the target network.”

ZuoRAT is resistant to attempts to sandbox it for further study. It attempts to contact several public servers when it first deploys. If it doesn’t receive any response, it assumes it has been sandboxed and deletes itself.

The malware is incredibly sophisticated, and Lumen Technologies believes it may originate from a nation-state actor, not rogue hackers. This means a government with a lot of resources could be targeting SOHO routers in North America and Europe.

ZuoRAT gains remote access to SOHO routers. It is constantly scanning networks for vulnerable routers and attacks if one is located.

Once the trojans are in, there’s no limit to the damage they can do. So far, they’ve been content with stealing data — personal identifiable information (PII), financial information, and normally secure business or corporate information. However, the ability is there for threat actors to deploy other malware once they’ve gained access.

Blue Lotus Lab was able to trace one of the zuoRAT viruses to servers in China. Other than that, little is known about the origins of the malware.

Most common household routers seem to be vulnerable, including Cisco, Netgear, and ASUS.  The best way to protect against a zuoRAT infection is to regularly reboot your home router. The virus cannot survive a reboot, which wipes the router and restores it to its factory settings.

Nathan Drescher
Former Digital Trends Contributor
Nathan Drescher is a freelance journalist and writer from Ottawa, Canada. He's been writing about technology from around the…
Hackers are using a devious new trick to infect your devices
A person using a laptop with a set of code seen on the display.

Hackers have long used lookalike domain names to trick people into visiting malicious websites, but now the threat posed by this tactic could be about to ramp up significantly. That’s because two new domain name extensions have been approved which could lead to an epidemic of phishing attempts.

The two new top-level domains (TLDs) that are causing such consternation are the .zip and .mov extensions. They’ve just been introduced by Google alongside the .dad, .esq, .prof, .phd, .nexus, .foo names.

Read more
Microsoft just gave you a new way to stay safe from viruses
A dark mystery hand typing on a laptop computer at night.

Microsoft has just taken a vital step towards better protecting your devices from malware, and it’s one that could stop viruses dead in their tracks. Interestingly, though, the Redmond giant seems to have made no mention of the change, despite its significance.

The new policy might sound minor on the surface: Microsoft’s SharePoint cloud storage service can apparently now scan files that are encrypted or password-protected. Previously, this wasn’t thought to be possible.

Read more
This Mac malware can steal your credit card data in seconds
Apple's Craig Federighi speaking about macOS security at WWDC 2022.

Despite their reputation for security, Macs can still get viruses, and that’s just been proven by a malicious new Mac malware that can steal your credit card info and send it back to the attacker, ready to be exploited. It’s a reminder to be careful when opening apps from unknown sources.

The malware, dubbed MacStealer, was discovered by Uptycs, a threat research firm. It hoovers up a wide array of your personal data, including the iCloud Keychain password database, credit card data, cryptocurrency wallet credentials, browser cookies, documents, and more. That means there’s a lot that could be at risk if it gains a foothold on your Mac.

Read more