Novel ZuoRAT malware sets sights on various routers

Numerous small office and home office (SOHO) routers across North America and Europe, including those manufactured by Cisco, Asus, Netgear, and DrayTek, have been targeted by the new ZuoRAT trojan, which has successfully attacked at least 80 targets since its emergence during the last quarter of 2020, Ars Technica reports. Black Lotus Labs researchers noted that the attackers behind the campaign are highly sophisticated, citing their use of both SOHO router compromise to obtain adjacent LAN access and person-in-the-middle attacks. Four malware strains were identified in the campaign, with the MIPS architecture-based ZuoRAT trojan identifying router-connected devices prior to the deployment of the CBeacon, GoBeacon, and Cobalt Strike trojans, according to the report. "ZuoRAT and the correlated activity represent a highly targeted campaign against U.S. and Western European organizations that blends in with typical internet traffic through obfuscated, multistage C2 infrastructure, likely aligned with multiple phases of the malware infection," said researchers.
