Millions of home Wi-Fi routers threatened by malware

Millions of domicile Wi-Fi routers threatened by malware — what to practise

A close-up of a generic home Wi-Fi router.

(Epitome credit: KsanderDN/Shutterstock)

In that location's a nasty new slice of malware out there targeting Wi-Fi routers, and yous'll want to make sure yours is fully updated so it doesn't get infected.

The AT&T researchers who discovered the malware are calling it BotenaGo, and information technology's apparently different from the Mirai botnet malware that's been attacking routers since 2022. BotenaGo packs in exploits for 33 unlike known vulnerabilities in 12 different router brands, including D-Link, Linksys, Netgear, Tenda, Totolink, Zyxel and ZTE. A full list is on the AT&T Cybersecurity blog post.

How to avoid the BotenaGo malware

To avoid infection, update your router with the latest firmware. Newer routers, including many high-finish gaming routers and mesh routers, will do this automatically, but you'll want to check your router's administrative interface to make certain that characteristic is switched on.

For less expensive routers, you'll want to go into the administrative interface anyway and check for updates. Some routers let you lot manually starting time an update from within the admin panels. While you're in there, make sure your router is airtight off to administrative access from outside the local network, and make certain that your router'due south administrative countersign is long, strong and unique.

And if you have a router that is five or more than years old, you may take to manually download a firmware update from the manufacturer'southward website to a PC or Mac, then follow the instructions about how to get the update package from your computer to the router. We've got a guide on how to update your router's firmware.

Onetime, patched flaws

The BotenaGo malware gets a foothold into routers using one or more of the 33 known vulnerabilities mentioned in a higher place. These flaws were discovered anywhere from i to eight years agone, so it'due south a off-white bet that virtually or all take been patched in firmware updates since so.

One time on the router, the BotenaGo sets up a backdoor into router using two different obscure ports, so waits for instructions from its command-and-control servers. Only by the time the AT&T researchers got to take a look at those servers, in that location was no trace of any "payload" to exist delivered — either it had been removed or it had never been there in the first identify.

Typical router-malware payloads include boosted malware that "drafts" the router into a botnet to be used in mass attacks against website, equally is the example with Mirai, or code that uses the router to pump out spam emails. (If an infected router is connected to a phone-company DSL line, it can likewise send spam text messages.) In many cases, infected routers spread malware to yet more routers.

The AT&T researchers see three possibilities regarding BotenaGo. Either it is just one step in a multi-stage attack, or information technology's a new tool used past Mirai botnet operators, or it'due south something that is nonetheless in development and was released early by accident.

Information technology's not clear who is behind the BotenaGo malware, but information technology is clear that it's pretty easy to avoid — as long every bit you continue your router's firmware updated.

Paul Wagenseil is a senior editor at Tom'due south Guide focused on security and privacy. He has likewise been a dishwasher, fry cook, long-haul driver, code monkey and video editor. He'southward been rooting around in the information-security space for more than 15 years at FoxNews.com, SecurityNewsDaily, TechNewsDaily and Tom's Guide, has presented talks at the ShmooCon, DerbyCon and BSides Las Vegas hacker conferences, shown up in random TV news spots and fifty-fifty moderated a console discussion at the CEDIA dwelling house-technology conference. Y'all can follow his rants on Twitter at @snd_wagenseil.