The Linksys biz router has reset all passwords for customers' Smart Wi-Fi accounts after cybercriminals entered a group and redirected unlucky users to COVID-19-themed malware.
The mass reset took place after the lockout of all user accounts on April 2, following the infoec company Bitdefender developer that malicious people were feeding Linksys devices with credit-stuffing attacks.
Hackers with access to Linksys Smart Wi-Fi accounts changed the DNS server settings of home routers. Attempts by compromised users to reach areas ranging from Disney, pornography and Amazon AWS were redirected to a web page peddling a coronavirus-themed app “which allegedly displays a message from the World Health Organization. health, telling users to download and install an application that provides instructions and information about COVID-19. “
The application was hosted on Bitbucket, a Git-style collaboration tool. Instead of health advice, he distributed the Oski malware that stole information, which allowed him to access his login credentials for various services, including cryptocurrency wallets.
Linksys customers were informed of the firm's password reset earlier this week, along with cryptic and confusing references to “COVID-19 malware”. Affected users must now change their password the next time they connect to the Linksys Smart Wi-Fi application.
Jen Wei Warren, the global PR veep of Linksys parent company Belkin, said The register that the original unlawful access to customer routers via their cloud-based Smart Wi-Fi accounts was a successful attempt to stuff credentials using the login information gathered from previous violations elsewhere.
She said: “Several factors lead us to conclude that credentials were stolen elsewhere: the majority of authentication requests contained usernames that never registered with our system. We verified the addresses e-mail with services like haveibeenpwned.com that list the attempted credentials on our system are known to have been exposed previously. “
Fraudulent scammers hack 100,000 domestic routers via UPnP vulnarians to create a botnet that throws emails
Wei Warren added: “Several attempts have been made using the same username but different passwords, which would not be necessary if our own systems were compromised.
She declined to say how many users were affected by the password reset for unspecified “privacy reasons”.
A Register The reader showed us a copy of the email sent to Linksys customers this week. He said: “All Linksys Smart Wi-Fi accounts were locked at 8:00 p.m. PDT on April 2 because someone was signing in with combinations of email address and password stolen from others. Web sites.”
He continued: “Your account has not been compromised, but as a precaution, we have locked it to prevent unauthorized access. You must change your password to log in again – unless you have already done so since that we locked it. “
More about his questions and answers page Regarding the data breach, Linksys developed a bit: “If you have downloaded a ‘COVID-19 Inform App' your network is infected. You should get rid of it as soon as possible to avoid further impacts on your network. “
Our reader Ben told us that he could not access his account “for a few days” before Linksys was made public, adding: “Now the problem with [the mandatory password change] is that everyone must enter and reset their boxes. When you next connect to the website, it automatically triggers a security scan on your routers to make sure that none of your connected routers have seen the DNS settings changed. If he has it, he will inform you. Fair play! “
To add to the public confusion, the message informing customers of the password reset was not sent by linksys-dot-com. Linksys emails, along with “click here to reset your password” requests, were questioned by people know about Infosec on Twitter, which allowed the company to confirm that the emails were from linksys-email-dot-com.
(1/2) We got you back, Dave. We want to check if this is the email sent by [email protected]? If yes, this email is correct. We have imposed a password change for all of our Linksys Smart Wi-Fi customers due to the recent COVID19 hack.
– LinksysCares (@LinksysCares) April 14, 2020
In 2017, Linksys routers contained a flaw that could have been abused to transform them into botnet nodes. ®
Office 365 client-to-client migration tips