Chinese Malware Can Turn Your WiFi Routers Into Cyber Spies

China is famous for its viruses. This time, Chinese state-sponsored malware has been found that can corrupt domestic routers and turn them into cyber spies.

A recent discovery by Check Point Research has unveiled a hair-raising cyber threat in the form of Chinese state-sponsored malware. 

This malicious firmware has the capability to transform residential and small office routers into covert networks, effectively turning innocent routers into cyber spies.

The firmware implant goes beyond the typical cyber threat. It is a highly sophisticated menace that includes a comprehensive backdoor, allowing attackers to establish communication, transfer files, and remotely execute commands on compromised devices. 

The malware is disguised within firmware images for TP-Link routers, displaying a meticulous effort to ensure compatibility with various router models, making it easy for attackers to adapt and expand their reach.

The malware operates as a relay, covertly transmitting traffic between infected targets and the attackers’ command and control servers. 

This cleverly obscures the origins and destinations of communication, making it difficult to trace back to the cyber espionage activities. 

Through further investigation, Check Point Research traced the control infrastructure to a threat actor known as Mustang Panda, which is allegedly associated with the Chinese government, according to security firms Avast and ESET.

Rather than targeting specific victims, the malware infects routers in order to obfuscate the attackers' traffic. The compromised routers act as intermediate nodes in a chain, creating a network between primary infections and the actual command and control system. This allows the attackers to maintain control and communicate without raising suspicion.
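A relay node of the kind described above leaves a recognisable shape in flow records even when the payload is encrypted: a session arriving at the router's WAN address overlaps in time with a router-originated session to a different external host, carrying a similar volume. The following heuristic is an added example, not code from Check Point Research or the article; the `Flow` record, the thresholds and the sample addresses (documentation ranges) are assumptions, and it presumes flow records collected on the WAN side of the router.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Flow:
    start: float   # seconds since capture start
    end: float
    src: str
    dst: str
    nbytes: int    # payload bytes carried from src to dst

def find_relay_pairs(flows, router_wan_ip, min_bytes=10_000, tolerance=0.2):
    """Return (inbound, outbound) flow pairs that look like the router relaying.

    Heuristic (assumption, not a vendor signature): an externally initiated
    session to the router's WAN address that overlaps in time with a
    router-originated session to a different external host, with byte
    volumes within `tolerance` of each other.
    """
    inbound = [f for f in flows if f.dst == router_wan_ip and f.nbytes >= min_bytes]
    outbound = [f for f in flows if f.src == router_wan_ip and f.nbytes >= min_bytes]
    pairs = []
    for i in inbound:
        for o in outbound:
            if o.dst == i.src:
                continue  # same peer on both sides is a reply, not a relay hop
            overlaps = i.start < o.end and o.start < i.end
            similar = abs(i.nbytes - o.nbytes) <= tolerance * max(i.nbytes, o.nbytes)
            if overlaps and similar:
                pairs.append((i, o))
    return pairs

# Constructed sample flows; addresses are documentation ranges, not indicators.
ROUTER = "203.0.113.10"
SAMPLE_FLOWS = [
    Flow(0, 30, ROUTER, "198.51.100.7", 480_000),     # ordinary NATed client traffic
    Flow(100, 160, "192.0.2.44", ROUTER, 52_000),     # unsolicited inbound session
    Flow(101, 161, ROUTER, "198.51.100.99", 50_500),  # onward session, similar volume
    Flow(300, 305, "192.0.2.80", ROUTER, 600),        # small inbound probe, below threshold
]

if __name__ == "__main__":
    for i, o in find_relay_pairs(SAMPLE_FLOWS, ROUTER):
        print(f"possible relay: {i.src} -> router -> {o.dst} "
              f"({i.nbytes}/{o.nbytes} bytes)")
```

Port forwarding and remote-management features also produce inbound sessions to the WAN address, so a match is a prompt to inspect the device rather than proof of compromise.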

The implant, named ‘Horse Shell’ internally, comprises three key functions. 

Firstly, it includes a remote shell that enables the execution of commands on the infected device. 

Secondly, it facilitates file transfer, allowing both uploading and downloading of files. 

Lastly, it incorporates SOCKS5 functionality, a protocol used for proxying TCP connections and forwarding UDP packets, enabling data exchange between infected devices.

The ultimate objective of the malware is to create a chain of shadows, leveraging the SOCKS5 functionality to establish encrypted connections between infected devices. 

This approach effectively masks the origin, destination, and purpose of the cyber espionage. 

Even if one node in the chain is disrupted, the attacker can route traffic through an alternate node to maintain communication with the command and control servers.

The discovery of this Chinese state-sponsored malware highlights the alarming potential of home WiFi routers being turned into cyber spies. 

The sophistication and adaptability of the malware, along with its obfuscation techniques, pose a significant threat to cybersecurity. 

It underscores the need for robust security measures and heightened awareness to protect against such state-sponsored cyber espionage activities.

The Techy Guy

Pranjal Shah covers tech news at India Observers. He is very passionate about innovation, the internet world and gadgets. He loves to share technology-based niche news articles.
