Hackers Attack Popular Linksys Routers, Triggering a Password Reset

Linksys router users were targeted in an attack that changed router settings and redirected requests for specific webpages and domains to malicious Coronavirus-themed landing pages that were filled with malware. Researchers identified the attack last month. Hackers gained access to about 1,200 Linksys Smart Wi-Fi accounts through credential-stuffing attacks. The Linksys Smart Wi-Fi app is a password-protected webpage that allows customers to manage their router settings. Once an account was compromised, the hackers manipulated the router's DNS settings so victims would unknowingly visit malicious webpages. The attack redirected victims to a malware-infested site that delivers the Oski infostealer.

The attacks redirected requests to many domains, including Disney.com, RedditBlog.com, AWS.Amazon.com, Cox.net and Washington.edu. When trying to reach one of these domains, users were redirected to an IP address that displayed a fake message from the World Health Organization, telling them to download and install an application that offers instructions and information about COVID-19. The download was a malicious file hosted in one of four Bitbucket repositories. The file was a dropper that pulled the malware down from a hacker-controlled command-and-control server.
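The redirect described above leaves a recognisable trace in resolver logs: domains run by unrelated operators suddenly share one answer address. The following detection sketch is an added example, not code from the article or from Linksys; the log format, function names and all IP addresses (documentation ranges) are assumptions constructed for illustration.

```python
from collections import defaultdict

# Domains the article lists as redirected; they belong to unrelated operators.
WATCHLIST = {"disney.com", "redditblog.com", "aws.amazon.com", "cox.net", "washington.edu"}

# Constructed sample log, assumed format: "<time> <client> <qname> A <answer-ip>".
# All addresses are documentation ranges (RFC 5737), not real indicators.
SAMPLE_LOG = """\
2020-04-01T09:00:01Z 192.168.1.20 disney.com A 203.0.113.66
2020-04-01T09:00:05Z 192.168.1.20 example.org A 198.51.100.7
2020-04-01T09:01:12Z 192.168.1.31 Cox.net. A 203.0.113.66
2020-04-01T09:02:40Z 192.168.1.20 washington.edu A 203.0.113.66
2020-04-01T09:03:02Z 192.168.1.31 aws.amazon.com A 198.51.100.23
malformed line
"""

def watched_name(qname):
    """Return the watchlist entry qname equals or is a subdomain of, else None."""
    name = qname.rstrip(".").lower()
    for domain in WATCHLIST:
        if name == domain or name.endswith("." + domain):
            return domain
    return None

def shared_answer_ips(log_text, min_domains=3):
    """Map answer IP -> sorted watched domains, kept only when at least
    min_domains unrelated watched domains resolved to that one address."""
    by_ip = defaultdict(set)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5 or fields[3] != "A":
            continue  # skip malformed lines and non-A records
        domain = watched_name(fields[2])
        if domain:
            by_ip[fields[4]].add(domain)
    return {ip: sorted(d) for ip, d in by_ip.items() if len(d) >= min_domains}

if __name__ == "__main__":
    for ip, domains in shared_answer_ips(SAMPLE_LOG).items():
        print(f"suspicious: {len(domains)} unrelated domains resolve to {ip}: {domains}")
```

A hit is a prompt to compare the DNS servers configured on the router with the ones the ISP or administrator assigned; shared hosting and CDNs can produce benign overlaps, which is why the watchlist is limited to domains with different operators.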


Linksys recommends resetting passwords by going to https://linksys.com/reset or by clicking "forgot password" in the Linksys app. Linksys customers are being notified, and all customers should be made aware of the incident and the forced password reset over the next week or so. It's still unclear how the routers are being compromised but, based on available information, it seems that hackers are brute-forcing some Linksys router models, either by directly accessing the router's management console exposed online or by brute-forcing the Linksys cloud account.