A new bot campaign called Manga, or Dark, threatens Fortinet. The campaign, which attacks routers, was discovered just 10 days after TP-Link released an update to its network centers, a successful product, based on a report by a KPMG ethical hacker in Hungary. Experts say the virus is dangerous because the vulnerability does not get enough attention, yet hackers are already misusing it. The new malware is a different kind from Mirai: in 2016, Mirai crippled the servers of Twitter and Amazon, among others, and paralyzed 250,000 devices. The point of such attacks is that infected machines start bombarding the targeted servers with messages until the servers give up the fight under the congestion.
The issue, which affects TP-Link's previous-generation routers sold in Europe, was found by Matek Camilo, the ethical hacker of KPMG Tanácsadó Kft. He brought it to the attention of the manufacturer, as a result of which the company released fixes for these devices. More than 100,000 of these devices have been sold throughout Europe, and it is assumed that more than 10,000 are in use in Hungary in homes, small and medium-sized businesses and local governments, because TP-Link is also one of the largest suppliers of cheap routers in Hungary. An update that addresses the vulnerability is available. If you are using a TP-Link TL-WR840N router that was purchased between 2017 and 2019, you may want to update the device firmware. The router type can be checked on the back of the device.
The KPMG ethical hacker took advantage of a router feature known as Ping to gain control of the device. Ping is used to check for network errors: the user enters an IP address on the web interface to check connectivity between devices. However, by bypassing the protection, it was possible to enter not only an IP address but also malicious code in the IP address field.
“Without the update now available for download, the device firmware will not validate the incoming data, so malicious code will be run,” Matek Camilo explains the attack. “This gives you unobtrusive access to the device’s operating system and all the features available exclusively to the manufacturer. This means that even unauthorized people can log all network traffic, including video chats through the router, or even bank account traffic data.”
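The missing input check described above, sketched as an added example (not TP-Link's firmware code or the researcher's): a hypothetical ping handler that accepts only a canonical IPv4 literal and hands it to `ping` as a single argument, with no shell involved. The function names and the sample inputs are assumptions constructed for illustration.

```c
#include <arpa/inet.h>
#include <stdio.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Unsafe pattern (comment only): snprintf(cmd, n, "ping -c 1 %s", input);
 * system(cmd);  Anything after the address is interpreted by the shell. */

/* Return 1 only for a canonical dotted-quad IPv4 literal, else 0. */
int is_valid_ping_target(const char *input)
{
    struct in_addr addr;
    char canon[INET_ADDRSTRLEN];

    if (input == NULL || strlen(input) >= sizeof canon)
        return 0;
    /* Parse, then print back: only the canonical text form may match. */
    if (inet_pton(AF_INET, input, &addr) != 1 ||
        inet_ntop(AF_INET, &addr, canon, sizeof canon) == NULL)
        return 0;
    return strcmp(canon, input) == 0;
}

/* Validate, then run ping with a fixed argv and no shell.
 * Returns ping's exit status, or -1 if the input is rejected or on error. */
int run_ping(const char *input)
{
    int status;

    if (!is_valid_ping_target(input))
        return -1;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        execlp("ping", "ping", "-c", "1", input, (char *)NULL);
        _exit(127); /* exec failed */
    }
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

int main(void)
{
    /* Constructed sample inputs, not taken from the article. */
    const char *s[] = { "192.168.0.1", "192.168.0.1; reboot", "$(id)", "010.0.0.1" };
    for (size_t i = 0; i < sizeof s / sizeof s[0]; i++)
        printf("%-20s -> %s\n", s[i], is_valid_ping_target(s[i]) ? "accept" : "reject");
    return 0;
}
```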