Security company Check Point Research has discovered malware for a variety of TP-Link home and business routers. With its help, hackers, allegedly supported by the Chinese authorities, connect infected devices to a network in which data traffic is secretly forwarded to servers controlled by attackers.
Image source: Pixabay
According to Check Point, the malicious firmware contains a fully functional backdoor that allows hackers to communicate with infected devices, transfer files, execute commands remotely, and upload, download, and wipe data on controlled devices. Malicious software is distributed under the guise of TP-Link router firmware. It is believed that the main purpose of the software is to secretly forward traffic between infected devices and hacker-controlled servers.
An analysis of the malware revealed that its operators are linked to the Mustang Panda group, which Avast and ESET say is backed by Chinese authorities. Malicious firmware was discovered while investigating a series of hacking attacks on European foreign policy structures. The main part of the software is a backdoor called the Horse Shell. It allows remote execution of commands on infected devices, transfer of files for downloading to victim devices and uploading of data, and exchange of data between two devices using SOCKS5 protocol.
“A backdoor can be used to forward data between two nodes. This allows attackers to create a chain of nodes that send traffic to a controlled server. This approach allows cybercriminals to hide the ultimate target, since each node in the chain only has data about the previous and next node, each of which is an infected device. Few nodes contain data about the terminal node.says CheckPoint.
Add Comment