
Linux.Wifatch: The Wireless Router Vigilante Malware

Linux.Wifatch is malware for wireless routers, and possibly other IoT devices, that apparently aims to make them more secure, according to Symantec.

Linux.Wifatch has been around since 2014, when an independent security researcher noticed something unusual happening on his home router. The researcher identified running processes that didn’t seem to be part of the legitimate router software. During his analysis he discovered a sophisticated piece of code that had turned his home router into a zombie connected to a peer-to-peer network of infected devices. In April of this year a new variant appeared. Once a device is infected with Wifatch, it connects to a peer-to-peer network that is used to distribute threat updates. Wifatch’s code does not ship any payloads used for malicious activities, such as carrying out DDoS attacks. In fact, all the hardcoded routines seem to have been implemented in order to harden compromised devices. Wifatch has a module that attempts to fix other malware infections present on the compromised device. Some of the threats it tries to remove are well-known families of malware targeting embedded devices.

A few days ago, computer security firm Symantec reported that Linux.Wifatch appears to make the devices it compromises more, not less, secure. “The further we dug into Wifatch’s code the more we had the feeling that there was something unusual about this threat,” Symantec’s Mario Ballano wrote. “For all intents and purposes, it appeared like the author was trying to secure infected devices instead of using them for malicious activities.”

Symantec suggested that the Linux.Wifatch author could be “an Internet-of-Things vigilante,” who wants to make devices more secure in our increasingly connected homes and offices. If that’s true, it’s hard to fault this hacker (or hackers), since the companies that sell these devices have done a remarkably poor job so far of assuring user privacy and security. Maybe activist hackers inspired by the free-software ethos are the best line of defense against our routers, our cars and the rest of our electronic lives being compromised by people up to no good.