
ZuoRAT Trojan Targeting Home Routers

tremolo
Dialled in

Could a VM rep please confirm whether or not the Superhub in router mode is vulnerable to ZuoRAT?

Also, to those who use modem mode, you should probably check if your router is affected. It's reported that ASUS, Cisco, DrayTek and Netgear are vulnerable.

https://www.zdnet.com/article/this-sophisticated-malware-is-targeting-routers-to-break-into-networks...  

3 REPLIES

Anonymous
Not applicable

Good spot. Thanks for this. 

Apparently a factory reset is the surest way of clearing an infection:

If you fear that your router has been compromised, simply restarting an infected device will remove the initial ZuoRAT exploit. To fully recover, however, a factory reset clears infected devices.

https://blog.malwarebytes.com/reports/2022/06/zuorat-is-a-sophisticated-malware-that-mainly-targets-...

 

ALF28
Super solver

It would depend on the equipment used. I have hub 3 which is Arris so I presume it is not affected?

My own home router is not on the list. I use the hub 3 in modem mode, however my own router firmware was updated recently in November so I have updated my own router.

I do a router check often and that was normal, but only shows my own router having no vulnerabilities or open ports, so this does not check the hub3 which is in modem mode.

My laptop antivirus scans did show something recently different on my laptop which was PUA:Win32/I0bit (variant) which was removed and can be linked to hacking/trojan and phishing emails/bank details, not sure what it was, may be something I downloaded.

I presume updating firmware would remove any router trojans? I have not recently done any factory resets and am unsure if that is needed.

I hope VM would detect if any equipment was infected including the superhub, and is re-booting sufficient to clear trojans etc., or is it advised to do a factory reset anyway? But I have no indications of any problems with my equipment at present.

I did have suspicious activity some time back detected and I did a factory reset on hub3 and my own router as advised by Virgin.

As my own router is not Virgin equipment and of Chinese manufacture, it may not be as secure as the hub 3? It has no automatic firmware update like the hub 3 does have, but I have found my own router more reliable and stable than using the hub 3 as a router.

 

 

 

ROUTER CHECKS-security

An easy router security check is to log onto your router device and check the remote settings.

Go into your router’s setup page and make sure that remote administration is turned off. (If the IP address is 0.0.0.0, it’s off.)

See:

How to protect your wireless router from malware | PCWorld

I just checked mine to confirm this.