New Malware Targeting Routers, Access Points, And Networking Equipment Discovered: How To Stay Protected?

A new malware, believed to have originated from China, is targeting routers, Wi-Fi access points, and other home and office networking equipment. The backdoor access, dubbed Horse Shell, has multiple capabilities and can be used for infiltration, infection, and data theft.

Cybersecurity researchers from Check Point Research (CPR) have discovered a new backdoor or security vulnerability. The trojan horse appears to be looking for entry-level to midrange networking equipment, which is commonly found in homes and small offices.

What Is "Horse Shell" And How Does It Infect Networking Equipment?

Cybersecurity researchers from CPR have discovered a new backdoor that attempts to infect routers, access points, and other networking equipment. Currently, the backdoor, which the researchers have named Horse Shell, is going after relatively simple networking hardware.

Horse Shell allows threat actors to gain full control of the infected endpoint, claimed the researchers. Additionally, the malware lets them stay hidden and gives access to the wider network.

Researchers discovered Horse Shell on TP-Link routers. However, they insist that the malware can go after equipment from other manufacturers and brands as it is firmware-agnostic.

A "wide range of devices and vendors may be at risk". This suggests that the attackers are aiming at hardware with known vulnerabilities. Moreover, the group behind the malware may also be experimenting by targeting equipment with weak or easily guessable login credentials.

How To Stay Protected From The New Threat To Routers And Other Networking Equipment?

Researchers at CPR are confident the group behind the attack is Camaro Dragon, which is a notorious Chinese Advanced Persistent Threat (APT) group with direct links to the Chinese government. Researchers have also discovered that the APT's infrastructure "significantly overlaps" with that of another state-sponsored Chinese attacker Mustang Panda.

Cybersecurity researchers have discovered that Horse Shell, and its creators, seem to be randomly infecting routers and access points. It is possible they are trying to create a chain of nodes between the main infections and the real command and control center. Simply put, the group is hoping to create a pathway using infected devices between their hardware and the intended target.

There are some ways to stay protected from Horse Shell and similar other malware that targets networking equipment. Always use strong passwords and change them frequently. Update the firmware and software of the routers and other devices.

Cybersecurity experts recommend opting for dedicated endpoint protection solutions and firewalls. Install reliable antivirus programs and keep them updated. Moreover, stay alert and never share login credentials.