
Malware on WiFi

Cosmic Cyclone

Hello everyone. I have a question to ask. I have my home router connected to various devices. So if any of these devices gets infected with some kind of malware/ virus/ trojan or any malicious stuff, will my router get compromised too? Can it spread malware to other devices too? My router has WPA 2 PSK encryption and no port forwarding with firewall enabled and Anti - DOS attack enabled.


5 minutes ago, Cosmic Cyclone said:

Hello everyone. I have a question to ask. I have my home router connected to various devices. So if any of these devices gets infected with some kind of malware/ virus/ trojan or any malicious stuff, will my router get compromised too? Can it spread malware to other devices too? My router has WPA 2 PSK encryption and no port forwarding with firewall enabled and Anti - DOS attack enabled.

It's unlikely as malware is generally designed for a specific architecture and your PC and router run two different architectures (x86-64 vs Arm) and OSes (Windows vs Linux/BSD). It's not impossible, but malware is generally not designed that way as it's not worth the effort unless you're a multimillion dollar target.

Regardless, malware can still be programmed to attempt to brute force your router with the default username and password to make changes to things such as the default DNS server. At the bare minimum, I would change the default password (and username too if possible).

PLEASE QUOTE ME IF YOU ARE REPLYING TO ME

Desktop Build: Ryzen 7 2700X @ 4.0GHz, AsRock Fatal1ty X370 Professional Gaming, 48GB Corsair DDR4 @ 3000MHz, RX5700 XT 8GB Sapphire Nitro+, Benq XL2730 1440p 144Hz FS

Retro Build: Intel Pentium III @ 500 MHz, Dell Optiplex G1 Full AT Tower, 768MB SDRAM @ 133MHz, Integrated Graphics, Generic 1024x768 60Hz Monitor


 


46 minutes ago, Cosmic Cyclone said:

Can it spread malware to other devices too?

There's no need to compromise the router to spread to other machines on your network. By default all machines on the same local network can communicate with each other. So if one is infected and the malware is able to make use of a vulnerability that is exploitable remotely, it could theoretically do so and spread to other machines without having to do anything to the router.

 

Your Wi-Fi using encryption only means no unauthorized third-party should be able to connect to your network. Presumably your local machines are connected to the network already (i.e. they have access to the key), so they are able to talk to one another and the router.

 

The firewall on your router will typically only block unsolicited incoming traffic from the internet. It will not prevent your machines from communicating out to the internet. So malware running on your computer can send e.g. your private data elsewhere, download additional malware and it can also try to compromise other machines on the internet or participate in a botnet.

Remember to either quote or @mention others, so they are notified of your reply


18 minutes ago, Eigenvektor said:

There's no need to compromise the router to spread to other machines on your network. By default all machines on the same local network can communicate with each other. So if one is infected and the malware is able to make use of a vulnerability that is exploitable remotely, it could theoretically do so and spread to other machines without having to do anything to the router.

 

Your Wi-Fi using encryption only means no unauthorized third-party should be able to connect to your network. Presumably your local machines are connected to the network already (i.e. they have access to the key), so they are able to talk to one another and the router.

 

The firewall on your router will typically only block unsolicited incoming traffic from the internet. It will not prevent your machines from communicating out to the internet. So malware running on your computer can send e.g. your private data elsewhere, download additional malware and it can also try to compromise other machines on the internet or participate in a botnet.

Ohh...so like can it affect my android devices connected to it?....I think it would be too far for a malware to be made for mac and then affect my router and then affect my android devices...right?

 


59 minutes ago, rcmaehl said:

It's unlikely as malware is generally designed for a specific architecture and your PC and router run two different architectures (x86-64 vs Arm) and OSes (Windows vs Linux/BSD). It's not impossible, but malware is generally not designed that way as it's not worth the effort unless you're a multimillion dollar target.

Regardless, malware can still be programmed to attempt to brute force your router with the default username and password to make changes to things such as the default DNS server. At the bare minimum, I would change the default password (and username too if possible).

Thanks man...I also think that how can a malware be so specific that first it affects the macOS, then hops to wifi router and then affect android and other devices too....it sounds not technical but some weird fan fic....right?

 


22 minutes ago, Eigenvektor said:

There's no need to compromise the router to spread to other machines on your network. By default all machines on the same local network can communicate with each other. So if one is infected and the malware is able to make use of a vulnerability that is exploitable remotely, it could theoretically do so and spread to other machines without having to do anything to the router.

 

Your Wi-Fi using encryption only means no unauthorized third-party should be able to connect to your network. Presumably your local machines are connected to the network already (i.e. they have access to the key), so they are able to talk to one another and the router.

 

The firewall on your router will typically only block unsolicited incoming traffic from the internet. It will not prevent your machines from communicating out to the internet. So malware running on your computer can send e.g. your private data elsewhere, download additional malware and it can also try to compromise other machines on the internet or participate in a botnet.

So like a malware made for macOS affect android and windows too?...and I didn't install anything on them.


8 minutes ago, Cosmic Cyclone said:

So like a malware made for macOS affect android and windows too?...and I didn't install anything on them.

Theoretically, yes. Practically it would be extremely unlikely.

 

Malware can only spread to another device on its own if the device has any open network ports and the service listening on that port has a vulnerability and the malware is built to exploit it. The malware would also need to be able to run on three different operating systems.

Remember to either quote or @mention others, so they are notified of your reply
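The reply above ties self-spreading to services listening on open network ports. As an added example (not part of any forum reply), this Python sketch audits which TCP listeners on your own Mac or Linux machine accept connections from the LAN and which are loopback-only; the sample `lsof` rows are constructed, and the function names are this example's own.

```python
import ipaddress
import subprocess

# Constructed sample of `lsof -nP -iTCP -sTCP:LISTEN` output (not from a real host).
SAMPLE = """\
COMMAND   PID  USER   FD  TYPE DEVICE SIZE/OFF NODE NAME
rapportd  412  alice  4u  IPv4 0xa1   0t0      TCP  *:49152 (LISTEN)
python3   900  alice  5u  IPv4 0xa2   0t0      TCP  127.0.0.1:8000 (LISTEN)
sshd      88   root   3u  IPv4 0xa3   0t0      TCP  192.168.1.20:22 (LISTEN)
ControlCe 501  alice  10u IPv6 0xa4   0t0      TCP  [::1]:7000 (LISTEN)
cupsd     77   root   6u  IPv6 0xa5   0t0      TCP  *:631 (LISTEN)
cupsd     77   root   7u  IPv4 0xa6   0t0      TCP  *:631 (LISTEN)
"""


def parse_listeners(lsof_text):
    """Return (command, pid, host, port) for every TCP LISTEN row."""
    rows = []
    for line in lsof_text.splitlines():
        fields = line.split()
        if len(fields) < 10 or fields[-1] != "(LISTEN)":
            continue  # header, blank line, or a socket that is not listening
        host, _, port = fields[-2].rpartition(":")
        rows.append((fields[0], int(fields[1]), host.strip("[]"), int(port)))
    return rows


def is_lan_reachable(host):
    """True if the bind address accepts connections from other machines."""
    if host == "*":
        return True  # wildcard bind: every interface, including Wi-Fi/Ethernet
    addr = ipaddress.ip_address(host.split("%")[0])  # drop any IPv6 zone id
    return not addr.is_loopback


def exposure_report(lsof_text):
    """Split listeners into LAN-reachable and loopback-only (command, port) pairs."""
    report = {"lan": set(), "loopback": set()}
    for command, _pid, host, port in parse_listeners(lsof_text):
        key = "lan" if is_lan_reachable(host) else "loopback"
        report[key].add((command, port))
    # A service bound both ways is reachable from the LAN; do not call it local-only.
    report["loopback"] -= report["lan"]
    return {kind: sorted(items) for kind, items in report.items()}


def live_report():
    """Run lsof on this machine; sudo may be needed to see other users' sockets."""
    out = subprocess.run(["lsof", "-nP", "-iTCP", "-sTCP:LISTEN"],
                         capture_output=True, text=True).stdout
    return exposure_report(out)


if __name__ == "__main__":
    for kind, items in exposure_report(SAMPLE).items():
        for command, port in items:
            print(f"{kind:9} {command:10} tcp/{port}")
```

Anything in the `lan` group is what another device on the same Wi-Fi can reach; services you do not need there can be turned off or restricted with the host firewall.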


general. unless it's el cheapo wifi router. the better way to target or install malware is 1 unsecure device aka camera/pc etc. or be in person and installing the malware.

MSI x399 sli plus  | AMD theardripper 2990wx all core 3ghz lock |Thermaltake flo ring 360 | EVGA 2080, Zotac 2080 |Gskill Ripjaws 128GB 3000 MHz | Corsair RM1200i |150tb | Asus tuff gaming mid tower| 10gb NIC


Endpoint devices typically don't get infected. You click on something you shouldn't, or download something you shouldn't and then blame it on mysterious hackers. That's .....the way small business owners believe things happen.

 

While exploits for network devices exist, they typically require a pretty significant lapse of patching. Cough *Cisco Voip* cough.

 

I'm seeing more and more issues with smartphones, and oddly mostly iOS based devices, and the issue is always credit cards. My CC was jacked last year, and I traced it down to a transaction I made with a guy I had to buy a part from work with and he was entering transactions through Square on his iPhone.

 

Stick to 2FA, and try to use at least one authentication method not tied to your phone.

 

Hackers don't want to infect devices. They want to either encrypt data and ransom you for it, or jack credit card info.

 

 

 


9 hours ago, wseaton said:

Endpoint devices typically don't get infected. You click on something you shouldn't, or download something you shouldn't and then blame it on mysterious hackers. That's .....the way small business owners believe things happen.

 

While exploits for network devices exist, they typically require a pretty significant lapse of patching. Cough *Cisco Voip* cough.

 

I'm seeing more and more issues with smartphones, and oddly mostly iOS based devices, and the issue is always credit cards. My CC was jacked last year, and I traced it down to a transaction I made with a guy I had to buy a part from work with and he was entering transactions through Square on his iPhone.

 

Stick to 2FA, and try to use at least one authentication method not tied to your phone.

 

Hackers don't want to infect devices. They want to either encrypt data and ransom you for it, or jack credit card info.

 

 

 

Ohh...so like a windows malware won't work on android unless I download something or click on a sus link?


11 hours ago, Cosmic Cyclone said:

Ohh...so like a windows malware won't work on android unless I download something or click on a sus link?

It entirely depends. Malware could infect one system, and be able to analyze its surroundings (other devices on the network) and laterally move to them. This is more sophisticated than normal everyday malware would be, but yes, it’s not just possible, it does exist.
 

It doesn’t ever need to inject your router tho, you’re misunderstanding how networks work. Any device on your LAN can talk to any other device on your LAN, your router just acts as a dumb networking switch to allow packets to go from device to device. So if a piece of malware got onto a device inside your network, it can effectively just start analyzing what else is on the network, and start sending data to those devices. As stated above, if anything is vulnerable to the exploits it has the ability to exploit, it will start executing against them, your router will never have any idea and will not itself have been exploited (it could also be exploited, but that is not required).

Rig: i7 13700k - - Asus Z790-P Wifi - - RTX 4080 - - 4x16GB 6000MHz - - Samsung 990 Pro 2TB NVMe Boot + Main Programs - - Assorted SATA SSD's for Photo Work - - Corsair RM850x - - Sound BlasterX EA-5 - - Corsair XC8 JTC Edition - - Corsair GPU Full Cover GPU Block - - XT45 X-Flow 420 + UT60 280 rads - - EK XRES RGB PWM - - Fractal Define S2 - - Acer Predator X34 -- Logitech G502 - - Logitech G710+ - - Logitech Z5500 - - LTT Deskpad

 

Headphones/amp/dac: Schiit Lyr 3 - - Fostex TR-X00 - - Sennheiser HD 6xx

 

Homelab/ Media Server: Proxmox VE host - - 512 NVMe Samsung 980 RAID Z1 for VM's/Proxmox boot - - Xeon e5 2660 V4- - Supermicro X10SRF-i - - 128 GB ECC 2133 - - 10x4 TB WD Red RAID Z2 - - Corsair 750D - - Corsair RM650i - - Dell H310 6Gbps SAS HBA - - Intel RES2SC240 SAS Expander - - TreuNAS + many other VM’s

 

iPhone 14 Pro - 2018 MacBook Air


On 10/5/2023 at 8:17 PM, LIGISTX said:

It entirely depends. Malware could infect one system, and be able to analyze its surroundings (other devices on the network) and laterally move to them. This is more sophisticated than normal everyday malware would be, but yes, it’s not just possible, it does exist.
 

It doesn’t ever need to inject your router tho, you’re misunderstanding how networks work. Any device on your LAN can talk to any other device on your LAN, your router just acts as a dumb networking switch to allow packets to go from device to device. So if a piece of malware got onto a device inside your network, it can effectively just start analyzing what else is on the network, and start sending data to those devices. As stated above, if anything is vulnerable to the exploits it has the ability to exploit, it will start executing against them, your router will never have any idea and will not itself have been exploited (it could also be exploited, but that is not required).

It can send those packets or things you said but if I didn't install any shady application on my android or didn't open any shady software, will I be fine?

and how sophisticated that malware has to be to do this kind of damage?
And can a malware developed for macOS work on PC and android?
I am very scared and I have even got paranoid because of this whole mess...PLEASE HELP

 


5 hours ago, Cosmic Cyclone said:

It can send those packets or things you said but if I didn't install any shady application on my android or didn't open any shady software, will I be fine?

and how sophisticated that malware has to be to do this kind of damage?
And can a malware developed for macOS work on PC and android?
I am very scared and I have even got paranoid because of this whole mess...PLEASE HELP

 

What situation, what happened? Why are you worried? 


16 hours ago, LIGISTX said:

What situation, what happened? Why are you worried? 

Let me explain the whole situation please,

Around 7th September, I downloaded a wallpaper from a wallpaper site to use it as my background in my MacBook Air M1 but when I tried to open it, it showed me some kind of error which I don't remember correctly. On that evening I got worried that it might be a malware of some sorts so I installed and ran every kind of antivirus scan as possible but found nothing in the scans and I even did manual scanning as going through all the files and folders to check anything but found nothing suspicious.
I asked the same question in multiple subreddits and discord servers but they all said that it will be fine and this doesn't generally happen but not 100% sure.

That's why, I finally decided to get rid of this laptop to get out of this situation but again got scared because this laptop and my other devices are constantly connected to the same router and network and maybe the malware had hacked my router, infected it and is spreading the malware to other devices as well ( bunch of androids, ios devices etc.). 

All of my devices are constantly updated properly and don't install any unwanted apps such as apks from random site ( I only use play store ). I have some questions regarding this situation which are listed as follows :-

1. Can the malware travel from my mac to my router, hack it and spread the malware to my other connected devices?
2. Can my android devices get malware without installing anything ( no 3rd party software ) ?
3. Can an infected device spread the malware over wifi to any device easily without any restriction?
4. Can a mac malware infect an android device?

I'm planning to 1st change my wifi provider and then can my devices one by one to cut off any possible chance of infection. 
If you know anything about this situation, please help me, it would be a lot of relief for me.
and sorry for my english ( not my 1st language ).


17 hours ago, Cosmic Cyclone said:

Around 7th September, I downloaded a wallpaper from a wallpaper site to use it as my background in my MacBook Air M1 but when I tried to open it, it showed me some kind of error which I don't remember correctly.

There's a 99% chance the file somehow just corrupted during download IMO, absolutely nothing to get all paranoid about.

 

It's far more likely that malware would NOT throw an error, as they don't want you to know something happened.

Router:  Intel N100 (pfSense) WiFi6: Zyxel NWA210AX (1.7Gbit peak at 160Mhz)
WiFi5: Ubiquiti NanoHD OpenWRT (~500Mbit at 80Mhz) Switches: Netgear MS510TXUP, MS510TXPP, GS110EMX
ISPs: Zen Full Fibre 900 (~930Mbit down, 115Mbit up) + Three 5G (~800Mbit down, 115Mbit up)
Upgrading Laptop/Desktop CNVIo WiFi 5 cards to PCIe WiFi6e/7


7 hours ago, Cosmic Cyclone said:

Let me explain the whole situation please,

Around 7th September, I downloaded a wallpaper from a wallpaper site to use it as my background in my MacBook Air M1 but when I tried to open it, it showed me some kind of error which I don't remember correctly. On that evening I got worried that it might be a malware of some sorts so I installed and ran every kind of antivirus scan as possible but found nothing in the scans and I even did manual scanning as going through all the files and folders to check anything but found nothing suspicious.
I asked the same question in multiple subreddits and discord servers but they all said that it will be fine and this doesn't generally happen but not 100% sure.

That's why, I finally decided to get rid of this laptop to get out of this situation but again got scared because this laptop and my other devices are constantly connected to the same router and network and maybe the malware had hacked my router, infected it and is spreading the malware to other devices as well ( bunch of androids, ios devices etc.). 

All of my devices are constantly updated properly and don't install any unwanted apps such as apks from random site ( I only use play store ). I have some questions regarding this situation which are listed as follows :-

1. Can the malware travel from my mac to my router, hack it and spread the malware to my other connected devices?
2. Can my android devices get malware without installing anything ( no 3rd party software ) ?
3. Can an infected device spread the malware over wifi to any device easily without any restriction?
4. Can a mac malware infect an android device?

I'm planning to 1st change my wifi provider and then can my devices one by one to cut off any possible chance of infection. 
If you know anything about this situation, please help me, it would be a lot of relief for me.
and sorry for my english ( not my 1st language ).

Getting rid of devices is pretty extreme overkill. Worst case, just reformat. It would take pretty serious malware to persist a reformat… 

 

Replacing your router won’t help anything. If you did somehow get some very high end virus in your network, the damage is already done, and it would have already spread to everything it can. If that was the case, you’d need to replace all devices at once. But… this is almost certainly not happening. Your devices are almost certainly fine. Stuff this advanced likely wouldn’t be “wasted” on random people via downloading random wallpapers. Really high end exploits are used by hackers and state sponsored organizations to get access to very large corporations or other countries… they wouldn’t risk their exploits being potentially discovered just to infect some random person’s network.
 

I wouldn’t worry about it. Just don’t download random stuff from the internet in the future, it’ll save yourself a lot of headache and stress. 
