November 5, 2022
New Malware Establishes Victims' Location via BSSID of WiFi Routers

A new form of malware is just starting to make its way around the internet and it has the ability to accurately pinpoint its victims’ locations…

There’s a new type of malware out on the web. It grabs the MAC addresses of wireless routers and queries them to geolocate its potential victims’ machines. It is apparently at least a bit more accurate than other methods, which makes it more dangerous than its predecessors. It is not yet in wide circulation, although that could certainly change at any time, given its potential to wreak havoc.

Normally, malware programs merely attempt to identify and verify the IP addresses of their targets, cross-referencing them with GeoIP to determine locations. This new form, analyzed by Xavier Mertens from the SANS Internet Storm Center, takes its verification a step further by running an additional query. If that query succeeds, it makes the malware a lot more of a threat than previous campaigns.

The new malware starts by extracting the Basic Service Set Identifier (BSSID), the MAC address of the WiFi router that a potential victim is connected to. Then it runs a query against a free BSSID-to-geo database to determine the location of the victim’s computer more accurately. The reason for pinpointing locations is to ensure hackers don’t inadvertently infect computers in their own countries. It also allows them to better target victims in specific areas where they have a greater chance of success with their schemes.
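Because the lookup described above sends a BSSID to an outside service, one place a defender can spot it is in web proxy logs. The following is an added example, not code from the original article or the SANS analysis: it flags outbound requests whose URL carries a MAC-address-shaped value. The log format, host names, process names and the `geo.example.net` service are constructed for illustration, since the article does not name the database the malware queries.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# A BSSID is a 48-bit MAC address: six hex octets separated by ':' or '-'.
BSSID_RE = re.compile(
    r"(?<![0-9A-Fa-f])(?:[0-9A-Fa-f]{2}[:-]){5}[0-9A-Fa-f]{2}(?![0-9A-Fa-f])"
)

# Constructed proxy log lines (assumed format): "<timestamp> <host> <process> <url>"
SAMPLE_LOG = """\
2022-11-05T10:01:12Z ws-014 chrome.exe https://example.com/search?q=router+setup
2022-11-05T10:02:40Z ws-014 updater.exe http://geo.example.net/lookup?bssid=00:11:22:33:44:55
2022-11-05T10:03:05Z ws-022 invoice.exe http://geo.example.net/v1/00-11-22-AA-BB-CC/json
2022-11-05T10:04:59Z ws-031 teams.exe https://example.org/api?id=0011223344556677
2022-11-05T10:05:30Z ws-031 sync.exe https://example.org/api?mac=00%3A11%3A22%3A33%3A44%3A66
"""


def find_bssid_lookups(log_text):
    """Return (host, process, bssid, url) for each request carrying a BSSID-shaped value."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split(maxsplit=3)
        if len(parts) != 4:
            continue  # skip malformed lines
        _ts, host, process, url = parts
        split = urlsplit(url)
        # Inspect the decoded path and decoded query values, because
        # percent-encoding ("%3A") would otherwise hide the ':' separators.
        candidates = [unquote(split.path)] + [v for _, v in parse_qsl(split.query)]
        for text in candidates:
            match = BSSID_RE.search(text)
            if match:
                bssid = match.group(0).upper().replace("-", ":")
                hits.append((host, process, bssid, url))
                break  # one hit per request is enough
    return hits


if __name__ == "__main__":
    for host, process, bssid, url in find_bssid_lookups(SAMPLE_LOG):
        print(f"{host} {process} sent BSSID {bssid} -> {url}")
```

Hits from processes that have no reason to talk to a geolocation service are the ones worth triaging; legitimate location-aware software can produce the same pattern.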

