We seem to have a vigilante white hat hacker on our hands, as newly discovered ‘malware’ aimed at Internet of Things devices and certain routers appears to be making these devices more secure. The Linux.Wifatch virus is doing the exact opposite of what most viruses would, rather than stealing user information or holding systems for ransom, it is actually improving security.
Linux.Wifatch was discovered by security firm, Symantec, which explained: “We first heard of Wifatch back in 2014, when an independent security researcher noticed something unusual happening on his home router. At first sight there was nothing unusual about it. As part of Symantec’s efforts to identify malware targeting embedded devices we run a large network of honeypots that collect many samples, and Wifatch seemed to be just another of these threats.”
“However, after a closer look, this particular piece of code looked somewhat more sophisticated than the average embedded threat we usually spot in the wild. Once a device is infected with the Wifatch, it connects to a peer-to-peer network that is used to distribute threat updates. The further we dug into Wifatch’s code the more we had the feeling that there was something unusual about this threat. For all intents and purposes it appeared like the author was trying to secure infected devices instead of using them for malicious activities.”
The Wifatch virus has been under observation for a few months now by the security firm. However, it also pointed out that it hasn’t been observed performing any malicious acts so far, which could potentially change at some point as the code contains backdoors for the author to use at will. At the end of the day, this is still injected code without user consent or knowledge, mostly over Telnet connections, which means its worth keeping an eye out for.
If you’re interested in reading a more in-depth analysis of Wifatch, you can find the full Symantec report, HERE. I’d recommend giving it a read, it really is some fascinating stuff.
Discuss on our Facebook page, HERE.
KitGuru Says: This is certainly an interesting story. Normally when we hear about new viruses, it turns out to be some form of ransomware or part of some future phishing scam but Wifatch doesn’t appear to be doing anything malicious at this point in time.