A sophisticated, multistage remote access trojan (RAT) that has been active since April 2020 is exploiting known vulnerabilities to target popular SOHO routers from Cisco Systems, Netgear, Asus and others.
• Researchers at Lumen Technologies’ Black Lotus Labs have been tracking sophisticated malware, dubbed ZuoRAT, that has been attacking Small Office/Home Office (SOHO) routers.
• After gaining access to the router, the malware can pivot to other systems connected on the LAN, capture packets being transmitted on the device, and stage man-in-the-middle attacks through DNS and HTTPS hijacking.
• ZuoRAT is assessed to be a sophisticated campaign leveraging infected SOHO routers to target predominantly North American and European networks of interest.