A dangerous new strain of malware is targeting Wi-Fi routers, experts have warned. As soon as your Wi-Fi router is infected, hackers unlock unrestricted internet access to download and deploy more malware across your home network – targeting specific devices or spying on your internet activity. Researchers for security firm Trend Micro highlighted a new virus known as Cyclops Blink, which has been tracked back to a Russian state-sponsored malware known as Sandworm.
Sandworm was deployed in a number of high-profile attacks, including the intrusion on the Ukrainian electrical grid in 2015 and 2016. The attack on the 2018 Olympic Winter Games was also traced back to the Russian state-sponsored malware. This new linked variant Cyclops Blink is designed for smaller-scale targets.
As it stands, Cyclops Blink is aimed at Wi-Fi routers produced by ASUS and replaces another popular malware, dubbed VPNFilter, that was designed to infiltrate small companies and home offices. ASUS has acknowledged the existence of the new malware and is working on a fix to shield its customers from the attacks.
It’s not known when Cyclops Blink first emerged; however, the latest Trend Micro report revealed that some ASUS routers in the United States, India, Italy, Canada and Russia have been plagued by this malware since June 2019. A law firm, based in Europe, was also attacked by the same digital infection.
According to Trend Micro, Wi-Fi routers and other IoT (Internet of Things) products, such as smart lightbulbs, thermostats, video doorbells, and plugs, are becoming increasingly popular targets due to the infrequency of security patches and absence of security software. If the popularity of these household targets continues, Trend Micro warns that it could lead to the beginning of “eternal botnets.”
“Once an IoT device is infected with malware, an attacker can have unrestricted internet access for downloading and deploying more stages of malware for reconnaissance, espionage, proxying, or anything else that the attacker wants to do,” the researchers said. “In the case of Cyclops Blink, we have seen devices that were compromised for over 30 months (about two and a half years) in a row and were being set up as stable command-and-control servers for other bots.”