For hackers, routers are an easy target, perhaps because they are seldom updated and virus-scanned and are also easily cracked. But shockingly, a report from Symantec claims that a new router virus may make devices safer.
A bug that is dubbed ‘Linux.Wifatch’ is like a normal malware and also behaves like one: infecting vulnerable devices, while operating remains undetected, and synchronizing actions via a peer-to-peer network.
The differentiating factor of Wifatch is to prevent other viruses from breaching in the system. It does not perform any DDoS attacks nor does it look up for sensitive data in the system. On virus definitions, it stays informed through P2P network and halts other channels through which malware can attack the router along with the removal of malware discovered. To be brief, Wifatch protects potential victims.
“There is no doubt that Linux.Wifatch is an interesting piece of code. Whether the author’s intentions were to use their creation for the good of other IoT users—vigilante style—or whether their intentions were more malicious remains to be seen,” says Mario Ballano, a researcher of Symantec.
There is still not enough clarity as to its reason or creation, but one thing is for sure –Wifatch is different from an average virus. As detected in 2014 by the researcher, this virus leaves kind messages in its code. Wifatch comes into action when a user accesses the Telnet feature, reminding users to update the device.
Another feature is that its source code repeats a statement that reads:
“To any NSA or FBI agents reading this: please consider whether defending the US constitution against all enemies, foreign or domestic, requires you to follow Snowden’s example.”
According to Symantec, around 10,000+ devices are infected with Linux.Wifatch. These infections mainly target Mexico, China and Brazil. To remove it, restarting the browser is quite enough but Symantec believes that this virus may again infect your device over time.