New malware hits via infected routers

by Tomas Statkus - -

Cybercriminals use hardware as a top-tier threat vector. The access of the Internet of Things (IoT) devices to a network and poor security protection are potential causes of this.

New malware hits via infected routers

Bleeping Computer announced that new malware hits applying a new strain, RouteX. RouteX targets routers used by enterprises, especially Netgear routers that run unpatched or older firmware. As a result, hijacked proxies use leaked information.[1]

RouteX possibly links to a Russian-based hacker called Links. Similarly, the malware leverages an error CVE-2016-10176. This error has an impact on the web server which contains the Netgear WNR routers and enables the administrative interacts. “The vulnerability allows unauthenticated attackers to perform sensitive, admin-level actions,” Bleeping Computer stated.

After compromising the device, SOCKS proxy is installed, followed by Linux firewall rules preventing others from using the same error, and limiting the router to a certain selection of IPs because these routers are applied in credential stuffing attacks.

Proxies on infected routers allow attackers to cycle through new sets of IP addresses and obviate injunctions from detection software.

The establishment of a set of compromised routers, multiple online services attacks and IP shifts allow malware to emit nonworking information.

Creating the updates for the newest hardware, Netgear should fix the issue. However, it can be challenging for researchers to predict the total volume of the problem, due to a large number of routers in the market, even though the majority of the credential-stuffing possible victims are Fortune 500 organizations that were already informed about the malware attacks.[2]

It is worth mentioning that this is not the first attack via compromised routers. Recently, there were flows detected in D-Link routers, without any actionable results even after contacting the developer.

In addition, ZDNet reported that AT&T put their customers at hacking risk because five flaws were discovered in popular routers that possibly could have been used to alter network functions, change Wi-Fi passwords or reroute internet traffic.[3]

Even if the risk of IoT devices increases, infecting routers is still a popular tool among hackers and cybercriminals. Routers are widely produced and used, and consist of security permissions that can be easily avoided or ignored.

About the author

Tomas Statkus
Tomas Statkus - Team leader

Tomas Statkus is an IT specialist, the team leader, and the founder of He has worked in the IT area for over 10 years.

Contact Tomas Statkus
About the company Esolutions


now online
Like us on Facebook