Linux.Wifatch ‘malware’ is actually making routers more secure

We seem to have a vigilante white hat hacker on our hands: newly discovered ‘malware’ aimed at Internet of Things devices and certain routers appears to be making these devices more secure. The Linux.Wifatch virus is doing the exact opposite of what most viruses would do. Rather than stealing user information or holding systems for ransom, it is actually improving security.

Linux.Wifatch was discovered by security firm Symantec, which explained: “We first heard of Wifatch back in 2014, when an independent security researcher noticed something unusual happening on his home router. At first sight there was nothing unusual about it. As part of Symantec's efforts to identify malware targeting embedded devices we run a large network of honeypots that collect many samples, and Wifatch seemed to be just another of these threats.”

“However, after a closer look, this particular piece of code looked somewhat more sophisticated than the average embedded threat we usually spot in the wild. Once a device is infected with the Wifatch, it connects to a peer-to-peer network that is used to distribute threat updates. The further we dug into Wifatch's code the more we had the feeling that there was something unusual about this threat. For all intents and purposes it appeared like the author was trying to secure infected devices instead of using them for malicious activities.”

Symantec has had the Wifatch virus under observation for a few months now. The firm pointed out that it hasn't observed Wifatch performing any malicious acts so far, though that could change at some point, as the code contains backdoors for the author to use at will. At the end of the day, this is still code injected without user consent or knowledge, mostly over Telnet connections, which means it's worth keeping an eye out for.

If you're interested in reading a more in-depth analysis of Wifatch, you can find the full Symantec report, HERE. I'd recommend giving it a read; it really is some fascinating stuff.

KitGuru Says: This is certainly an interesting story. Normally when we hear about new viruses, it turns out to be some form of ransomware or part of some future phishing scam, but Wifatch doesn't appear to be doing anything malicious at this point in time.

4 comments

  1. So all it does is update lists of other known threats? I wonder if it’s designed to let them all through the firewall at some point in the future… Alternatively, maybe it really is a pro-bono anti virus tool and will be an integral part of somebody’s CIA job application lol

  2. “Wifatch has a module that attempts to remediate other malware infections present on the compromised device. Some of the threats it tries to remove are well known families of malware targeting embedded devices.”
    http://www.symantec.com/connect/blogs/there-internet-things-vigilante-out-there?SID=skim3305X620930Xf4c0300b1a619955f2b27c24b0f5d4a4&API1=100&API2=4084478&cjid=4084478

    It doesn’t just update lists. Read the Symantec report, it does seem to be securing the routers. Of course it still ‘installed’ itself without users’ consent and contains backdoors that could be used to do bad things so it has to be observed.

  4. Kick out other spyware & corner the market on backdoors. Either a cyber crim is getting fancy smart or a State figured “two birds one stone”.