Router under siege: malware attack to steal user passwords

It is called Cuttlefish, and it is a new and disturbing piece of malware discovered by cybersecurity experts at Black Lotus Labs.

Apparently, this malicious agent targets routers in both business and home contexts, with the clear goal of eavesdropping on passwords and other sensitive credentials of the victims. According to the experts who first identified Cuttlefish, it gets in through a zero-day vulnerability or, in other cases, through brute-force attacks.

Once installed on the router, the malware creates a proxy through which it captures sensitive data sent and received through the router, intercepting and stealing it. What makes Cuttlefish particularly feared is also its advanced obfuscation tactics.

Despite Black Lotus Labs' research, little is currently known about this campaign. Details such as the identity of the attackers, the router models at risk, and the number of potential victims remain unknown.

Cuttlefish creates a proxy on your router and steals passwords from unsuspecting victims

Despite what has just been said, Cuttlefish has interesting similarities with the work of HiatusRAT, a hacker group linked to the Chinese government, although there is no confirmation of this.

Finally, the Black Lotus Labs team provided a series of recommendations to help potential victims avoid the worst. The access credentials for the router backend should consist of complex passwords and, if possible, be changed periodically.

Updating the device firmware is practically a must. If this is not possible because the router is old, the advice is to replace the hardware with a newer model. According to the experts, rebooting the router every now and then can also help keep the environment safe.

For more experienced users, keeping an eye on accesses from suspicious IP addresses and protecting traffic with TLS/SSL can be a further step to avoid infections of this type.
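One way to watch for the suspicious accesses mentioned above, as an added example that is not from the original article or from Black Lotus Labs: a short Python check that reads router login logs and flags successful admin logins that come from outside a trusted subnet or follow a run of failed passwords. It assumes the router writes SSH logins in Dropbear's syslog format; the log lines, the trusted subnet, the threshold and the function name `review_logins` are constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample lines in Dropbear syslog style (assumed log source, not from the article).
SAMPLE_LOG = """\
May  2 03:11:01 router dropbear[2101]: Bad password attempt for 'admin' from 203.0.113.45:40112
May  2 03:11:03 router dropbear[2102]: Bad password attempt for 'admin' from 203.0.113.45:40118
May  2 03:11:05 router dropbear[2103]: Bad password attempt for 'root' from 203.0.113.45:40125
May  2 03:11:09 router dropbear[2104]: Password auth succeeded for 'root' from 203.0.113.45:40131
May  2 08:30:12 router dropbear[2230]: Bad password attempt for 'root' from 192.168.1.20:51544
May  2 08:30:20 router dropbear[2231]: Password auth succeeded for 'root' from 192.168.1.20:51550
May  2 09:02:44 router dropbear[2300]: Password auth succeeded for 'root' from 198.51.100.7:33900
"""

EVENT = re.compile(
    r"(?P<kind>Bad password attempt|Password auth succeeded) for '(?P<user>[^']*)' "
    r"from (?P<ip>[0-9a-fA-F.:]+):(?P<port>\d+)\s*$"
)

def review_logins(log_text, trusted_nets=("192.168.1.0/24",), fail_threshold=3):
    """Return (ip, user, reason) for each successful login that deserves a look."""
    trusted = [ipaddress.ip_network(n) for n in trusted_nets]
    failures = defaultdict(int)      # failed attempts per source IP since its last success
    findings = []
    for line in log_text.splitlines():
        m = EVENT.search(line)
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m["ip"])
        except ValueError:           # malformed address field: skip the line
            continue
        if m["kind"] == "Bad password attempt":
            failures[ip] += 1
            continue
        reasons = []
        if not any(ip in net for net in trusted):
            reasons.append("login from untrusted address")
        if failures[ip] >= fail_threshold:
            reasons.append(f"success after {failures[ip]} failed attempts")
        if reasons:
            findings.append((str(ip), m["user"], "; ".join(reasons)))
        failures[ip] = 0             # start counting afresh after a success
    return findings

if __name__ == "__main__":
    for finding in review_logins(SAMPLE_LOG):
        print(finding)
```

A login flagged for both reasons at once (many failures, then a success from an address outside the LAN) is the pattern to treat as a likely compromise of the router's admin password.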
