Internet Security Blog - Hackology
Linksys Auto Reset Password

Cyber Attack Forces Linksys to Reset Smart Wi-Fi Passwords

Linksys router manufacturer forcibly reset passwords for the accounts of all Linksys Smart Wi-Fi users after cyber criminals hacked routers in order to distribute a fake application from the World Health Organization, allegedly providing up-to-date information about COVID-19.

Linksys Issues Hack Warning

All Linksys Smart Wi-Fi accounts were blocked on April 2 because someone logged into the system using an email address and password stolen from other sites. Your account was not compromised, but because of caution, we blocked it to prevent unauthorized access. You need to change the password for logging in

the message was sent to users of Linksys

In March of this year, researchers discovered a malicious campaign in which attackers changed legitimate DNS servers to their own, as a result of which a notification was displayed in the user’s browser asking them to download a program from WHO, which is actually an Oski Infostealer designed to steal credentials and cryptocurrency wallets.

Oski Info Stealer Hack Procedure

  • Targets Linksys routers, brute forcing remote management credentials
  • Hijacks routers and alters their DNS IP addresses
  • Redirects a specific list of web pages/domains to a malicious Corona virus-themed web-page
  • Uses Bitbucket to store malware samples
  • Uses TinyURL to hide Bitbucket link
  • Drops Oski infostealer malware

As vice president of public affairs at Belkin (parent company of Linksys) Jen Wei Warren told The Register, criminals used credentials from previous hacks during a cyber attack. Warren said,

Credentials were stolen elsewhere: most authentication requests contained usernames that were never logged into our system. We checked email addresses using services such as The criminals made several attempts using the same login, but with different passwords, which would not have been necessary if our systems had been compromised.


While attackers are likely probing the internet for victims that have vulnerable routers, Bitdefender’s own telemetry shows that victims in Germany, France and the United States account for over 73 percent of the total. These countries are also among those most affected by the Corona virus outbreak, potentially explaining why attackers are using the pandemic themed websites. Stay Cyber Safe

Add comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Get Wise

Subscribe to my newsletter to get latest InfoSec / Hacking News (1 Email/week)
Utopia p2p Ecosystem

Discover more from Internet Security Blog - Hackology

Subscribe now to keep reading and get access to the full archive.

Continue reading