A new malware targeting Fiberhome routers has been identified by security researchers. Dubbed as ‘Gwmndy’, the malware is being used to turn the routers into proxy nodes. It is reported that the malware is a part of an ongoing IoT botnet campaign.
Gwmndy was discovered by researchers from Qihoo 360. They spotted an ELF file on their detection systems on July 24, which turned out to be a component of the malware.
Malware distribution remains unknown
Although the Qihoo researchers detailed the features of the malware, they found no information on how it was distributed. “We didn't see how Gwmndy malware spread, but we know that some Fiberhome router Web systems have weak passwords and there are RCE vulnerabilities,” wrote the researchers.
Furthermore, they also advised Fiberhome router users in Thailand and the Philippines to keep the device software updated.