New HiatusRAT Malware Targets Business-Grade Routers to Covertly Spy on Victims
A never-before-seen complex malware has been targeting business-grade routers to covertly spy on victims in Latin America, Europe, and North America since at least July 2022.
Given that the impacted devices are high-bandwidth routers that can simultaneously support hundreds of VPN connections, the suspected goal is to spy on targets and establish a stealthy proxy network.
HiatusRAT is feature-rich: it can harvest router information and the list of running processes, and contact a remote server to fetch files or run arbitrary commands.
The use of compromised routers as proxy infrastructure is likely an attempt to obfuscate the C2 operations, the researchers said.
The findings come more than six months after Lumen Black Lotus Labs also shed light on an unrelated router-focused malware campaign that used a novel trojan called ZuoRAT. "The discovery of Hiatus confirms that actors are continuing to pursue router exploitation," Dehus said.
"These campaigns demonstrate the need to secure the router ecosystem, and routers should be regularly monitored, rebooted, and updated, while end-of-life devices should be replaced."
News URL
https://thehackernews.com/2023/03/new-hiatusrat-malware-targets-business.html