According to Symantec, a virus known as Wifatch has been used to treat more than 10,000 home routers against cyber-attacks. Wifatch is fixing bugs on the routers that it infects.
Symantec is monitoring the network of treated routers thus far and has not seen it being put to malevolent use. Since its discovery in 2014, Wifatch has been steadily cleansing the web for routers and other smart devices running software that is vulnerable to attack. Once Wifatch finds and infects an accessible router, it connects to other compromised devices to download software updates, making them more difficult to successfully attack.
A blogpost by Symantec also said that Wifatch attempts to disinfect devices that have been compromised by malicious software. It reboots devices to kill off malware that runs on them and returns them to a clean state on a regular basis.
Wifatch targets a wide range of home routers that run variations of Linux. About a third of the devices hit were in China, with Brazil and Mexico making up another quarter of the victims.
Symantec remained wary of Wifatch's intentions despite its benign status. “Wifatch is a piece of code that infects a device without user consent and, in that regard, is the same as any other piece of malware,”said Mario Ballano, Symantec security analyst. “It should also be pointed out that Wifatch contains a number of general-purpose back doors that can be used by the author to carry out potentially malicious actions,” he added.