In this episode of the Security Ledger podcast, brought to you by ReversingLabs, we interview Danny Adamitis (@dadamitis) of Black Lotus Labs about the discovery of ZuoRAT, malware that targets SOHO routers – and is outfitted with APT-style tools for attacking the devices connected to home networks.
As always, you can check our full conversation in our latest Security Ledger podcast at Blubrry. You can also listen to it on iTunes and Spotify. Or, check us out on Google Podcasts, Stitcher, Radio Public and more. Also: if you enjoy this podcast, consider signing up to receive it in your email. Just point your web browser to securityledger.com/subscribe to get notified whenever a new podcast is posted.
Cyber attacks on small office and home office (or SOHO) routers aren’t new. Back in 2016, the malware known as Mirai made headlines across the world by infecting hundreds of thousands of weekly protected SOHO routers and DVR devices and stringing them into a potent botnet that could be leased out to distribute spam and launch crippling denial of service attacks.
But for all its bluster, Mirai and the IoT botnets that followed it were pretty simple creatures. They infected SOHO routers by exploiting default passwords (mostly). The goal was to own the router itself. The goal was to build a platform for future, external attacks – not probing the home and small business networks the routers fronted.
ZuoRAT: sniffing around home networks Danny Adamitis is a researcher at