Hackers hijack Wi-Fi routers with zuoRAT malware

As if you weren’t worried enough, a new report shows that hackers are targeting home Wi-Fi routers to gain access to all your connected devices.

The report comes from Black Lotus Lab, a security division of Lumen Technologies. It describes several apparent real-world attacks on small office/home office (SOHO) routers since 2020, when millions of people started working from home at the start of the COVID-19 pandemic.


According to Black Lotus Lab, the attackers are using Remote Access Trojans (RATs) to hijack a home’s router. They use a new malware strain called ZuoRAT to gain access to the router and then deploy on it. Once deployed, the RATs allow attackers to upload and download files to any connected device on the home or office network.

“The rapid shift to remote working in the spring of 2020 presented another opportunity for threat actors to undermine traditional deep protection by targeting the weakest points of the new network perimeter – small office/home office (SOHO) routers,” Lumen Technologies said in a blog post. “Actors can leverage SOHO router access to maintain low detection presence on the target network.”

ZuoRAT is built to resist being sandboxed for further investigation. When it is first deployed it tries to contact various public servers; if it gets no response, it assumes it is running in a sandbox and deletes itself.

The malware is incredibly sophisticated, and Lumen Technologies believes it could have come from a nation-state, not from rogue hackers. This means that a resource-heavy government could target SOHO routers in North America and Europe.

ZuoRAT gives its operators remote access to SOHO routers. It continuously scans networks for vulnerable routers and attacks any it finds.

Once the trojans are in place, there is no limit to the damage they can do. So far, they have been content to steal data – personally identifiable information (PII), financial information, and normally well-protected business or company information. But threat actors have the ability to deploy other malware once they gain access.

Black Lotus Lab was able to trace one of the ZuoRAT samples to servers in China. Beyond that, little is known about the origin of the malware.

Most common household routers seem vulnerable, including Cisco, Netgear, and ASUS. The best way to protect yourself from a zuoRAT infection is to reboot your home router regularly. The virus cannot survive a reboot, which erases the router and resets it to factory settings.
