What is this "New Malware"?

The new kid in town does not seem to be that new. This particular malware goes by the name of "ZuoRAT", and has reportedly been in circulation since 2020. That is around when working from home really took off, and office buildings were abandoned in favor of cozy home offices, company from pets, and pajamas all day long. Unfortunately, malicious cyber folk wait for no one, and they wasted no time crafting a new kind of malware with the sole purpose of infecting SOHO (Small Office, Home Office) routers. This malware allows attackers to collect data that is in transit, hijack connections that are taking place, and compromise devices on networks adjacent to the infected router!

While big corporate networks and internet systems have plenty of security in place, smaller offices and personal offices often lack these security measures, which is why these networks were such easy prey for this particular piece of malware. While we do not know the particular details down to the models of routers that may be at risk, there is a list of companies whose routers have been found to be compromised. The list goes as follows:

  • Cisco
  • NETGEAR
  • Asus
  • DrayTek
  • and potentially more on the way!

According to the researchers at Black Lotus Labs, who initially discovered this malware in their testing, the perpetrator behind this whole operation seems to be very sophisticated and meticulous in their work. This malware has been able to work undetected for the better part of two years, and it covers its tracks as it slowly goes around gathering data from networks.

What can I do if this malware is found on my router?

Fortunately for you, and unfortunately for the malware and the assailant, this malware can be cleared from your router by a simple factory reset. Factory reset methods vary between makes and models of routers, so we have included some guides to resetting routers from the manufacturers listed in this article. Note that when you factory reset your router, your SSID and password will also be reset to their default values, prompting you to update them again within the router settings.

Reset for: Cisco Routers

Reset for: NETGEAR Routers

Reset for: Asus Routers

Reset for: DrayTek Routers

Be on the lookout for news from your router company, checking every so often for new updates that can be sent over the air to your router. As this is a new kind of malware, companies are still working to figure out which of their devices may be compromised, and what they can do to stop further attacks from this malware. For more detailed information about this malware attack, be sure to click the links at the bottom of the article. Be safe out there in the cyber world!

Sources:

https://arstechnica.com/information-technology/2022/06/a-wide-range-of-routers-are-under-attack-by-new-unusually-sophisticated-malware/

https://www.bleepingcomputer.com/news/security/new-zuorat-malware-targets-soho-routers-in-north-america-europe/

Looking for Expert IT Services?

Since 1993, KCS has worked with a variety of businesses in the Chicagoland area. Our certified expert staff is ready to help improve and safeguard your business.

9524 Franklin Ave,
Franklin Park, IL 60131