Researchers have uncovered advanced malware thatโs turning business-grade routers into attacker-controlled listening posts that can sniff email and steal files in an ongoing campaign hitting North and South America and Europe.
Besides passively capturing IMAP, SMTP, and POP email, the malware also backdoors routers with a remote-access Trojan that allows the attackers to download files and run commands of their choice. The backdoor also enables attackers to funnel data from other servers through the router, turning the device into a covert proxy for concealing the true origin of malicious activity.
โThis type of agent demonstrates that anyone with a router who uses the Internet can potentially be a targetโand they can be used as proxy for another campaignโeven if the entity that owns the router does not view themselves as an intelligence target,โ researchers from security firm Lumenโs Black Lotus Labs wrote. โWe suspect that threat actors are going to continue to utilize multiple compromised assets in conjunction with one another to avoid detection.โ