
Malware Uses WiFi BSSID for Victim Identification

By ZDNet

January 7, 2021


SANS Internet Storm Center's Xavier Mertens recently discovered a new malware strain that collects an infected user's Basic Service Set Identifier (BSSID), which is the MAC (physical) address of the wireless router or access point being used to connect via Wi-Fi.

The malware checks the BSSID against a free database of known BSSIDs and the last geographical location where they have been seen, allowing the malware to determine the physical location of the Wi-Fi access point—and the victim.

Typically, malware operators check the victim's IP address against an IP-to-geo database, but the results often are inaccurate.

This new method using the BSSID potentially could be adopted by other malware operators to double-check a victim's geographical location.

Determining the victim's location is important for malware operators looking for victims inside specific countries, or those seeking to avoid infecting victims in their native country to evade law enforcement.

From ZDNet


Abstracts Copyright © 2021 SmithBucklin, Washington, DC, USA

