In late May, Cisco security researchers uncovered router-hacking malware that was reported to have infected more than 500,000 consumer Wi-Fi devices. At that time, the infected routers belonged to companies like TP-Link, Linksys, and MikroTik.
According to the latest findings, the malware is targeting additional device vendors. The new targets include ASUS, D-Link, Huawei, Ubiquiti, UPVEL, and ZTE. Notably, Cisco network devices remain unaffected, the researchers claim.
The additional discovery concerns a new stage 3 module that is used to infect web content as traffic passes through a network device, which gives the malware a man-in-the-middle capability.
Called ssler and pronounced Esler, the module is aimed at facilitating data exfiltration and JS injection via port 80. The researchers also expect it to be executed with a parameter list for deciding targets.
After infecting the router, it first configures iptables to redirect all traffic to the local port and uses the insmod command to insert various modules.
It further intercepts any outgoing web requests on port 80. The traffic can thus be inspected and manipulated before it reaches the HTTP service.
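The two changes described above (an iptables redirect of web traffic and kernel modules loaded with insmod) can both be audited on a Linux-based router. The script below is an added example, not code from the article or from Cisco; it assumes `iptables-save` and `awk` are available on the device, and the sample rules, module names and port numbers are constructed.

```shell
#!/bin/sh
# Added example, not from the article: audit a Linux router for the two
# changes described above. All sample data is constructed for illustration.

# Print nat-table rules that REDIRECT or DNAT TCP port 80 traffic.
# stdin: `iptables-save` output. Transparent proxies and captive portals create
# similar rules, so each hit needs review against the intended configuration.
find_port80_redirects() {
    awk '
        /^\*/ { table = substr($0, 2); next }   # table header: *nat, *filter
        table != "nat" || !/^-A / { next }      # only appended nat rules
        /-j (REDIRECT|DNAT)( |$)/ && /--dports? ([0-9:]+,)*80(,| |$)/ { print }
    '
}

# Print loaded kernel modules that are missing from a known-good baseline.
# $1: baseline file, one module name per line. stdin: /proc/modules content.
unexpected_modules() {
    [ -r "$1" ] || { echo "baseline not readable: $1" >&2; return 2; }
    awk '{ print $1 }' | grep -vxF -f "$1" || true   # no output means clean
}

# Constructed sample: one port 80 redirect, one unrelated 8080 redirect,
# and a filter-table rule that must not be reported.
SAMPLE_RULES='*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 12345
-A PREROUTING -p tcp -m tcp --dport 8080 -j REDIRECT --to-ports 3128
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
COMMIT'

# Constructed sample in /proc/modules format; "examplemod" is hypothetical.
SAMPLE_MODULES='nf_nat 24576 2 - Live 0x0000000000000000
ip_tables 28672 1 - Live 0x0000000000000000
examplemod 16384 0 - Live 0x0000000000000000'

# Demo on the constructed rules; prints only the --dport 80 REDIRECT rule.
printf '%s\n' "$SAMPLE_RULES" | find_port80_redirects

# On a device:
#   iptables-save | find_port80_redirects
#   unexpected_modules /path/to/baseline.txt < /proc/modules
```

The module baseline has to be captured from a device in a known-good state, for example directly after a factory reset and firmware update.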
This development clearly shows that the malware is continuously growing and its scope has expanded. It also means that it remains alive even after you've followed the FBI's advice of rebooting the router.
You can read further details on the dangerous router malware in this Cisco post.
Post first appeared on fossbytes.com