Internet Security Blog - Hackology

Cyber Attack Forces Linksys to Reset Smart Wi-Fi Passwords



Router manufacturer Linksys forcibly reset the passwords for all Linksys Smart Wi-Fi accounts after cyber criminals hacked routers in order to distribute a fake World Health Organization application that allegedly provided up-to-date information about COVID-19.

Linksys Issues Hack Warning

All Linksys Smart Wi-Fi accounts were blocked on April 2 because someone logged into the system using an email address and password stolen from other sites. Your account was not compromised, but because of caution, we blocked it to prevent unauthorized access. You need to change the password for logging in.

This message was sent to Linksys users.

In March of this year, researchers discovered a malicious campaign in which attackers replaced the legitimate DNS servers configured on routers with their own. As a result, a notification was displayed in the user's browser asking them to download a program from WHO, which was actually the Oski infostealer, designed to steal credentials and cryptocurrency wallets.

Oski Info Stealer Hack Procedure

  • Targets Linksys routers, brute-forcing remote management credentials
  • Hijacks routers and alters their DNS IP addresses
  • Redirects a specific list of web pages/domains to a malicious coronavirus-themed web page
  • Uses Bitbucket to store malware samples
  • Uses TinyURL to hide Bitbucket link
  • Drops Oski infostealer malware

Jen Wei Warren, vice president of public affairs at Belkin (the parent company of Linksys), told The Register that the criminals carried out the attack using credentials from previous hacks. Warren said,

Credentials were stolen elsewhere: most authentication requests contained usernames that were never logged into our system. We checked email addresses using services such as haveibeenpwned.com. The criminals made several attempts using the same login, but with different passwords, which would not have been necessary if our systems had been compromised.
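The two signals Warren describes (mostly unregistered usernames, and one login retried with different passwords) can be checked over authentication logs. The sketch below is an added example, not Linksys code; the log tuple layout, thresholds, account names and IP addresses are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample data (not from Linksys). Password fingerprints stand in
# for a keyed hash of the submitted password; raw passwords are never logged.
KNOWN_ACCOUNTS = {"alice@example.com", "bob@example.com"}
ATTEMPTS = [  # (source_ip, username, password_fingerprint, success)
    ("203.0.113.7", "carol@example.net", "h1", False),
    ("203.0.113.7", "dave@example.org", "h2", False),
    ("203.0.113.7", "erin@example.net", "h3", False),
    ("203.0.113.7", "alice@example.com", "h4", False),
    ("203.0.113.7", "alice@example.com", "h5", False),
    ("203.0.113.7", "alice@example.com", "h6", True),
    ("198.51.100.20", "bob@example.com", "h7", False),  # owner mistyping once
    ("198.51.100.20", "bob@example.com", "h8", True),
]

def analyze(attempts, known, min_attempts=5, unknown_ratio=0.5, max_passwords=2):
    """Return (suspicious_sources, accounts_to_reset) for a batch of logins."""
    per_src = defaultdict(lambda: {"total": 0, "unknown": 0})
    passwords = defaultdict(set)  # (src, user) -> distinct fingerprints tried
    succeeded = defaultdict(set)  # src -> users it logged in as
    for src, user, fingerprint, ok in attempts:
        per_src[src]["total"] += 1
        if user not in known:
            per_src[src]["unknown"] += 1
        passwords[(src, user)].add(fingerprint)
        if ok:
            succeeded[src].add(user)

    suspicious = set()
    for src, count in per_src.items():
        # Signal 1: most requests name accounts that do not exist here.
        many_unknown = (count["total"] >= min_attempts
                        and count["unknown"] / count["total"] >= unknown_ratio)
        # Signal 2: the same login tried with several different passwords.
        many_passwords = any(s == src and len(fps) > max_passwords
                             for (s, _), fps in passwords.items())
        if many_unknown or many_passwords:
            suspicious.add(src)

    # Any account a suspicious source got into needs a forced password reset.
    to_reset = sorted({u for src in suspicious for u in succeeded[src]})
    return sorted(suspicious), to_reset

if __name__ == "__main__":
    print(analyze(ATTEMPTS, KNOWN_ACCOUNTS))
```
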

Conclusion

While attackers are likely probing the internet for victims that have vulnerable routers, Bitdefender's own telemetry shows that victims in Germany, France and the United States account for over 73 percent of the total. These countries are also among those most affected by the coronavirus outbreak, potentially explaining why attackers are using pandemic-themed websites. Stay cyber safe.


