{"id":469347,"date":"2022-06-30T19:53:35","date_gmt":"2022-06-30T16:53:35","guid":{"rendered":"https:\/\/en.buradabiliyorum.com\/new-zuorat-malware-attacks-routers-and-hijacks-connected-devices-review-geek\/"},"modified":"2022-06-30T19:53:35","modified_gmt":"2022-06-30T16:53:35","slug":"new-zuorat-malware-attacks-routers-and-hijacks-connected-devices-review-geek","status":"publish","type":"post","link":"https:\/\/buradabiliyorum.com\/en\/new-zuorat-malware-attacks-routers-and-hijacks-connected-devices-review-geek\/","title":{"rendered":"#New ZuoRAT Malware Attacks Routers and Hijacks Connected Devices \u2013 Review Geek"},"content":{"rendered":"<h1><span class=\"ez-toc-section\" id=\"%E2%80%9CNew_ZuoRAT_Malware_Attacks_Routers_and_Hijacks_Connected_Devices_%E2%80%93_Review_Geek%E2%80%9D\"><\/span>&#8220;New ZuoRAT Malware Attacks Routers and Hijacks Connected Devices \u2013 Review Geek&#8221;<span class=\"ez-toc-section-end\"><\/span><\/h1>\n<div id=\"article-content-area\">\n<figure style=\"width: 1920px\" class=\"wp-caption alignnone\"><img loading=\"lazy\" decoding=\"async\" class=\"type:primaryImage size-full wp-image-104566\" data-pagespeed-no-defer=\"\" src=\"https:\/\/www.reviewgeek.com\/p\/uploads\/2021\/12\/8380dbac.png?width=1200\" alt=\"A Wi-Fi router in the dark.\" width=\"1920\" height=\"1080\"\/><figcaption class=\"wp-caption-text\"><span class=\"type:primaryImage imagecredit\"><a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.shutterstock.com\/image-illustration\/wifi-wireless-internet-router-on-dark-607183886\">KsanderDN\/Shutterstock<\/a><\/span><\/figcaption><\/figure>\n<p>Our transition to remote work has some odd implications for security. While an office\u2019s IT team may monitor a router\u2019s activity and patch vulnerabilities, teleworkers rarely do the same for their home office routers. 
And that\u2019s opened the door to new malware, such as ZuoRAT.<\/p>\n<p>Identified and described by <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/redirect.viglink.com\/?key=204a528a336ede4177fff0d84a044482&amp;u=https%3A%2F%2Fblog.lumen.com%2Fzuorat-hijacks-soho-routers-to-silently-stalk-networks%2F\">Black Lotus Labs<\/a>, the ZuoRAT malware is a\u00a0<a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.howtogeek.com\/410634\/what-is-rat-malware-and-why-is-it-so-dangerous\/\">remote access trojan<\/a>\u00a0(or RAT). It collects and sends a victim\u2019s private data to an outside threat actor, usually a hacker or group of hackers. But ZuoRAT is especially sophisticated and damaging, for several reasons.<\/p>\n<p>First, ZuoRAT targets SOHO (small business\/home office) routers. It collects\u00a0DNS lookups and network traffic from its victims\u2014that\u2019s some incredibly sensitive data, especially if you\u2019re a teleworker or small business. It doesn\u2019t help that this malware is two years old.\u00a0It\u2019s slowly infected routers since 2020.<\/p>\n<p>Stealing network traffic is one thing, but ZuoRAT isn\u2019t just some passive malware. It deploys two additional RATs to network-connected devices once it infects a router. And once that\u2019s done, ZuoRAT can install even more malware to devices on a local network. This attack could allow hackers to hijack an entire network of PCs, bring down a small business with ransomware, or turn a local network into a botnet.<\/p>\n<p>ZuoRAT is custom-built on the\u00a0MIPS architecture, and it\u2019s basically undetectable with current security software. Also, it takes advantage of unpatched vulnerabilities in SOHO routers. Given the details, ZuoRAT may be the tool of a powerful hacking group or aggressive nation-state. 
(The last major SOHO router malware, <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.hotspotshield.com\/blog\/russian-hackers-vpnfilter\/\">called VPNFilter<\/a>, was developed and deployed by the Russian government.)<\/p>\n<p>The ZuoRAT malware appears to infect SOHO routers from\u00a0Cisco, Netgear, Asus, and DrayTek. Like most router malware, ZuoRAT will die if you restart your router\u2014removing the malware from other devices on your network may be a bit tricky, though.<\/p>\n<p>If you own a SOHO router, I suggest restarting it and running an update for the latest firmware. But if this malware affects devices on your network, such as your PC, you may need to perform a factory reset.<\/p>\n<p><small>Source: <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/redirect.viglink.com\/?key=204a528a336ede4177fff0d84a044482&amp;u=https%3A%2F%2Fblog.lumen.com%2Fzuorat-hijacks-soho-routers-to-silently-stalk-networks%2F\">Black Lotus Labs<\/a><\/small><\/p>\n<\/div>\n<p><span style=\"color: black;\"><a style=\"color: #ff9900;\" href=\"https:\/\/www.reviewgeek.com\/122130\/new-zuorat-malware-attacks-routers-and-hijacks-connected-devices\/\" target=\"_blank\" rel=\"noopener\">Source<\/a><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>&#8220;New ZuoRAT Malware Attacks Routers and Hijacks Connected Devices \u2013 Review Geek&#8221; KsanderDN\/Shutterstock Our transition to remote work has some odd implications for security. While an office\u2019s IT team may monitor a router\u2019s activity and patch vulnerabilities, teleworkers rarely do the same for their home office routers. 
And that\u2019s opened the door to new malware,&#8230;<\/p>\n","protected":false},"author":1,"featured_media":469348,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/www.reviewgeek.com\/p\/uploads\/2021\/12\/8380dbac.png","fifu_image_alt":"","footnotes":""},"categories":[18],"tags":[],"class_list":["post-469347","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technology"],"_links":{"self":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/469347","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/comments?post=469347"}],"version-history":[{"count":0,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/469347\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media\/469348"}],"wp:attachment":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media?parent=469347"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/categories?post=469347"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/tags?post=469347"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}