Now Reading
Linux.Wifatch: Vigilante Hacker Infects Routers with Malware to Fight Bad Malware

Linux.Wifatch: Vigilante Hacker Infects Routers with Malware to Fight Bad Malware

by Samburaj DasOctober 2, 2015

router-155899_1280 A newly discovered malware, called Linux.Wifatch by security firm Symantec, has been found to compromise at least 10,000 Linux-routers. Unlike other malware, however, Wifatch protects the router from other infections, protecting victims instead.

Security giant Symantec has discovered a new vigilante malware that behaves like most other malware by infecting a vulnerable device, remaining undetected while operating and actively updating itself over a peer-to-peer (P2P) network.

The malware dubbed Linux.Wifatch comes with a strikingly different set of capabilities. Instead of harming the compromised router and the computers on its network, Wifatch secures it by safeguarding it from other malware.

Quite simply, Wifatch is protecting over 10,000 routers running Linux by infecting them.

The complete report detailing the discovery of Wifatch by Symantec can be found here.

White-hat Malware

Linux.Wifatch was first discovered last year by an independent researcher. The malware now infects more than 10,000 routers predominantly in China and Brazil. Over time, Wifatch has been found to stay updated in its virus definitions through its P2P network, block other channels typically used by malware to infect routers and even delete the traces of malware that do get through.

Wifatch even has a module that is constantly updated and exists to remove “well-known families of malware targeting embedded devices.”

Mario Ballano, a Symantec researcher who wrote about the findings, points to the likelihood of a mysterious vigilante hacker being the brains behind Wifatch due to comments left in the code. Specifically, the comments include an email signature used by Richard Stallman, an advocate of free software that says:

To any NSA and FBI agents reading my email: please consider whether defending the US Constitution against all enemies, foreign or domestic, requires you to follow Snowden’s example.

While internet vigilantes are usually loud and boisterous in their aggressive way of operating through means such as DDoS attacks or breaches involving corporate databases, Wifatch appears far more subtle in the way it works. Ballano added:

For all intents and purposes it appeared like the author was trying to secure infected devices instead of using them for malicious activities.

routerAdditionally, Wifatch even reminds users to update the router’s firmware when there is an action triggered to access the Telnet feature, the port that controls functions on the device and routinely used other malware to infect the router.

Symantec notes that resetting the router to its default setting will remove the Wifatch malware during reboot. However, the same device may be infected by Wifatch again over time. The security firm is advising users to update the router’s software and keep its firmware up to date.

“There is no doubt that Linux.Wifatch is an interesting piece of code. Whether the author’s intentions were to use their creation for the good of other IoT users—vigilante style—or whether their intentions were more malicious remains to be seen,” notes Ballano.

What we do know is that it pays to be suspicious and, with this in mind, Symantec will be keeping a close eye on Linux.Wifatch and the activities of its mysterious creator.

Images from Shutterstock, Flickr & Pixabay

Advertised sites are not endorsed by us. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
What's your reaction?
Love it
Hate it
  • DigitalGalaxy

    Very cool! Inspiring! 🙂

  • Slashthedragon


  • Jim Brown

    Call me old school, but every “stand-alone” “router” that I ever
    played with required a very precarious procedure for
    updating the firmware that usually involves “bricking” your
    device if you don’t follow the instructions to the letter.

    This article must be referring to some of the small computers
    supplied by your local cable company, that also just happen to
    contain a wireless router and a cable modem, and
    a cable TV decoder, and maybe even a hard drive,
    all in one box.
    I call that a cable TV box.
    But, since I don’t want to subject myself to continuous
    propaganda, I don’t have one of these anymore.

    I would tend to lean towards the idea that this software
    is not related to anything benevolent, and also that this
    has nothing to do with the “mysterious vigilante hacker”
    mentioned. I think this is to draw attention away from
    government censorship, and this software is being
    “test-driven” to prove it’s effectiveness.

    There is absolutely NO WAY that a cable company would
    allow something like this to be out of their control.
    They pay huge money for these custom computers.
    The computer manufacturers have some extremely
    competent people setting up these computers.
    These computers can only be accessed by codes that
    I know because I used to have to call by phone to get
    the latest access codes just for minor router tweaks on
    my cable box, and that was 4 years ago!!

    Therefore, I have to call BS on this article.

    • ramv36

      “and that was 4 years ago”

      Which is why most would call BS on your BS. In this arena of technology, 4 years might as well be 4 decades.

      • Jim Brown

        And your point is ????
        I mean, aside from being PAID to be a troll/hater.
        Let’s see you create ANY KIND of a legitimate observation.
        YOU CAN’T,
        If you could, you would have.

        Basically, if you open your mouth again, I’m quite sure
        that you will prove beyond any shadow of a doubt,
        that you are just a useless waste of oxygen.

        Here’s your challenge,
        without using any generalities or name calling,
        or “everybody knows that” type statements
        explain exactly how it might be possible to hack into
        a modern cable box designed by highly paid
        software and hardware engineers whos’ job it is
        to make it completely bulletproof.

        We’ll wait patiently.
        (Theme from the Jeopardy game show plays in the background)

        • Himi Gilbert

          > Call me old school, but every “stand-alone” “router” that I everplayed with required a very precarious procedure for
          updating the firmware that usually involves “bricking” your
          device if you don’t follow the instructions to the letter.

          This is easier than it sounds. It can check the model, use a hook to attach itself to the image and then re flash it. Advanced kits maintain redundancy by infecting as much firmwares and machines as possible.

          Stuff like USB controllers are ridiculously easy to reprogram and they also can infect other USB controllers that are plugged in (mobiles, headsets, etc). Controllers from devices, such as certain hard drives are vulnerable too.

          Such kits have been encountered already. Good luck finding an antivirus solution for that. Some kind of white hat variant would at least be plausible here.

        • Phyl O Butoyi

          Come one man, if the pentagon can be hacked what are you trying to say about a cable box?

  • Jim Brown

    Thank You All for some at least pertinent viewpoints.

    First let me say that I am not a programmer or hacker,
    but I am a genius and have a really broad education.

    I believe that there is much more going on here than
    most people would realize.

    First, to address a couple of comments……
    —>Linux routers are usually high-end…..
    I would be inclined to believe this, although I really don’t know.
    However, in theory, the more chopped-down the OS is the more
    difficult it becomes to use it in an unusual manner.
    And yes, I would agree that your typical cable box is “cheap”,
    but this is like comparing a Formula 1 race car to “the family sedan”,
    yeah, moms grocery getter is nothing more than a glorified
    “major household appliance”, but at the same time certain aspects
    of it can be quite sophisticated, for instance, many late model cars
    can now be shut down or unlocked by satellite.
    The feature is built right into the fuel injection computer.
    By the same token, cable boxes have been the target of thousands of
    hackers for at least 30 years and many very sophisticated schemes
    have been developed to prevent unauthorized access.
    It’s not like they just came out with them last year.

    Now here’s the other half of the story,
    the part that I believe is most important.
    It’s the psychological mind-f*ck part of the equation.

    It is my contention that most, if not all, hacking that you
    read about in the “news” never actually happened.
    It’s a FUD story to keep you in fear and therefore make
    you much more susceptible to believing a lie.
    Or, it’s a trumped-up charge to bring against
    someone they don’t like.
    How many times have you heard that…..
    or the terrorist group of the day,
    has been hacking into government files (or whatever).
    This means WAR, or sanctions against some other country,
    or, we need you to give up more of your rights and tax dollars
    so we can maintain “national security” and protect you
    from these “evil forces” !!!!

    I’ve been studying this type of thing since before the internet.
    The word “government” literally means “mind control”.
    Think I’m kidding??? then why are there over 20 places on the
    internet that are trying to convince people that that’s
    just not true and you must be crazy or stupid if you believe that???

    There are literally thousands of people starting to wake up
    to the fact that they are actually brainwashed slaves and the
    government wants control over your every thought.

    So, the internet is a big problem for the government.
    If they can censor it,
    and then place the blame on “hackers”,
    no one will suspect that they ran the whole operation.

    Of course the rabbit hole goes much, much deeper than this.
    If any one here is interested in pursuing this further I’d be happy to
    provide you with a list of links to get your real education started.

  • Laurie Baker

    I met Danny in 2013 , he is a professional security analyst and certified hacker. the time I met him he already was certified since 2009 and he is very good at testing securities. They hack email passwords, Social networks , Whats’app conversations, Cellphones, Any os .Clear criminal records, Change university grades, Improve credit rating , Bank transfers. You can contact him by sending a mail to [email protected], I bet he is competent and savvy enough to solve your problem whatever it might be!!!!!!!!!!!!!!!!!!!!!

  • Shehrin Khan

    What can you hack ?

  • Curtis Madison

    Inbox [email protected] or text +12282223023 for the services of a certified and ethical hacker to change college grades,clear criminal records etc…hit me up and it’s done