Researchers at Lumen Technologies' Black Lotus Labs have discovered at least 80 router models in use in North America and Europe that have been infected by a remote access Trojan, called ZuoRAT, which is part of a larger hacking campaign that has been operating since at least the fourth quarter of 2020.
The malware, which has infected routers made by Cisco, Netgear, Asus, and DrayTek, assumes full control of connected devices running Windows, macOS, and Linux.
Said the researchers, "While compromising SOHO routers as an access vector to gain access to an adjacent LAN is not a novel technique, it has seldom been reported. Similarly, reports of person-in-the-middle style attacks, such as DNS and HTTP hijacking, are even rarer and a mark of a complex and targeted operation."
The initial ZuoRAT exploit is removed when an infected device is restarted, but full recovery requires a factory reset.
From Ars Technica
Abstracts Copyright © 2022 SmithBucklin, Washington, DC, USA