Linksys routers users change the password or stop using them. Clients are getting infected with malware

Linksys, a renowned router manufacturer, has resorted to an urgent measure to protect its users. The company’s IT teams had to forcibly reset passwords for all of their customers’ Smart WiFi accounts after a group of cybercriminals illegitimately accessed a set of these devices, tricking users with malware using the COVID-19 theme.

This measure was implemented after all user accounts were blocked because computer security firm Bitdefender revealed that a group of threat actors had started a cyberattack campaign against these devices, using the credential-filling technique.

On the malicious campaign, hackers used a website with content related to the actions implemented by the World Health Organization regarding the coronavirus crisis, inviting users to download an alleged application containing up-to-date data and contagion prevention measures.

That application was hosted on a platform similar to GitHub. Once downloaded by users, the installation of Oski, a malware designed for information theft, specifically searching for login credentials and even online cryptocurrency wallets was targeted.    

Linksys customers were informed about this measure earlier on this week. In addition, the company added a report on the alleged WHO site and the false application with data on the progress of coronavirus/COVID-19.

In this regard, a spokesperson for the company mentioned that illegitimate access was made through cloud-hosted Smart WiFi accounts, which were the victim of the credential-filling attack. Login data would have been obtained by hackers in a previous data breach incident: “This is the consequence of a chain of incidents that began with data theft on a non-Linksys platform,” the spokesman concluded.

The company updated the FAQ section on its website with some details about the incident. The main recommendation for users of these routers is to implement a strong password and, if you have installed the application, delete it immediately.

Multiple security incidents have previously been filed on Linksys, mainly related to attacks on your users’ routers for the purpose of integrating them into gigantic botnets, in addition to information theft. For more information, feel free to visit manufacturer’s official platforms.