Linux.Wifatch

Malware that secures infected devices From Wikipedia, the free encyclopedia

Linux.Wifatch

Linux.Wifatch is an open-source piece of malware which has been noted for not having been used for malicious actions, instead attempting to secure devices from other malware.[2]

Quick Facts Alias, Family ...
Linux.Wifatch
Alias
FamilyVirus
AuthorsThe White Team
Technical details
PlatformLinux
Written inPerl[2]
Close

Linux.Wifatch operates in a manner similar to a computer security system and updates definitions through its Peer to Peer network and deletes remnants of malware which remain.[3]

Linux.Wifatch has been active since at least November 2014.[4] According to its authors the idea for Linux.Wifatch came after reading the Carna paper.[5] Linux.Wifatch was later released on GitLab by its authors under the GNU General Public License on October 5, 2015.[6]

Thumb
Linux.Wifatch affects multiple architectures. ARM accounts for 83%, MIPS accounts for 10%, and SH4 accounts for 7%.[2]

Operation

Linux.Wifatch's primary mode of infection is by logging into devices using weak or default telnet credentials.[2][4] Once infected, Linux.Wifatch removes other malware and disables telnet access, replacing it with the message "Telnet has been closed to avoid further infection of this device. Please disable telnet, change telnet passwords, and/or update the firmware."[2]

See also

References

Loading related searches...

Wikiwand - on

Seamless Wikipedia browsing. On steroids.