Router malware spreads to steal passwords by Justin Ferris
Researchers at security company Symantec are tracking the spread of a dangerous virus called “Dyre,” also known as “Upatre.” It’s a highly dangerous data-stealing app that infects your browser and intercepts your banking information.
Until recently, Dyre was delivered in the usual way. You would get a phishing email and click a malicious link that would take you to a hacker-run site that would attack your browser or trick you into downloading and running an infected file.
Once the virus was running, not only would it steal your information, it would use your computer to send spam containing the virus. However, researchers have noticed that the virus has moved beyond just infecting computers.
The researches have seen hundreds of routers infected with Dyre that are communicating with hacker-run servers and sending out virus-filled spam. So far, the affected routers are ones running MikroTik and Ubiquiti’s AirOS operating systems.
Researchers aren’t quite sure how the routers are being taken over, but they suspect it’s because the routers never had their default password changed. Most new routers come with a default password that’s the same for every model unit.
Hackers have lists of router models and their default passwords, which means if you don’t change your router’s password you’re just inviting hackers in. Learn how to change your router password now, and other secure measures you need to take to keep hackers and viruses out.
Source: KrebsOnSecurity Security & Privacy