A recently discovered vulnerability created a way for hackers to add malicious code to a popular model of router manufactured by D-Link. The malware that hackers are using is adding internet connected devices to a botnet with the intent to mine cryptocurrency and orchestrate denial of service attacks.
The botnet in question is known as Satori and is proven to be versatile in its implementations. Earlier this year the botnet was able to infect cryptocurrency mining machines and change the digital wallet address connected to those devices, effectively sending the funds received from that mining to the attackers. In another attack, Satori infected security cameras and various other internet connected devices and used them to conduct denial of service attacks on large websites.
Satori works by injecting a piece of malware known as a worm into targeted devices. A worm is a type of malware that doesn’t need any additional interactions to infect more devices after that. It self-replicates itself across a network until a device catches it and ends the replications process. Worms can lead to other types of malware installs on systems like adware or in this case a botnet.
The attack is targetting the D-Link DSL 2750B modem/router combo that is widely used by Verizon DSL service and various other internet service providers across the United States. D-Link has not issued a fix for the vulnerability and the last update to the firmware was released in 2015. Because this is an issue with outdated firmware there’s nothing that can be done to prevent the attack on your device. If you own this device, it is recommended that you replace it immediately.
To learn more about how to protect yourself against similar attacks to this one check out our article on 5 ways to secure your home’s Wi-Fi.
Link to original article by ArsTechnica