Router vendor Linksys has locked user accounts on its Smart WiFi cloud service and is asking users to reset passwords after hackers have been observed hijacking accounts and changing router settings to redirect users to malware sites.
Linksys’ decision only impacts Smart WiFi accounts. Linksys Smart WiFi is a cloud-based account system that lets device owners connect to Linksys routers (and other equipment) over the internet to manage router settings.
Smart WiFi is widely deployed across Linksys’ router fleet, making it an ideal target for hackers who may want to hijack routers en-masse.
According to a Bitdefender report published last month, this is exactly what’s been recently happening. The cyber-security firm said it detected an organized campaign to break into D-Link and Linksys routers and change DNS settings.
Users accessing certain sites throgh the hacked routers were being redirected to malicious sites pushing a coronavirus-themed app that was laced with the Oski infostealer malware.
According to Bitdefender, the redirections were taking place when users were trying to access sites such as:
Linksys confirmed the accuracy of the report at the end of March, and, this month, the company has locked Smart WiFi accounts in an attempt to contain the attacks and expunge the hackers out of users’ devices.
The company decided to lock accounts and prompt a password reset because it couldn’t detect which accounts were hacked and which were not, and decided to act on all.
“Linksys is doing everything we can to make it tougher for the bad guys. But there are no guarantees,” Linksys said.
The company is now asking users to reset passwords and choose a unique one they aren’t using anywhere else.