CyberNews.com’s Investigations team has announced that they have identified hidden backdoors in Chinese-manufactured routers that share common firmware, with evidence that the routers are being exploited by the Mirai malware. In a collaboration between CyberNews.com Senior Information Security Researcher Mantas Sasnauskas and researchers James Clee and Roni Carta, the team found that routers sold by Amazon, eBay and Walmart are all affected, and vulnerabilities are already being exploited.
The two brands identified are, Wavlink routers that are available on eBay and also highlighted as an Amazon Choice Router, and Jetstream routers which are sold exclusively at Walmart. These critical vulnerabilities allow attackers to remotely control the routers as well as any device connected to that network and monitor all the traffic coming through that router. It’s akin to constant surveillance on your personal network, with someone watching all your activity and stealing all your information. Additionally, the Wavlink routers contain a script that lists nearby wifi and has the capability to compromise those networks.
CyberNews has already detected multiple malicious attempts from a Chinese IP address, which is trying to upload and execute a harmful script on the routers. After investigating the suspicious file, the investigation team has identified that it is part of the infamous Mirai botnet. The Mirai botnet has been responsible for multiple major attacks, including a large-scale DDoS attack in 2016 that left much of the internet inaccessible on the US East coast.
