This malware uses a crafty new technique to establish the location of victims
It’s not widely adopted yet - but you still need to be careful
A new form of malware has been discovered that grabs and queries the MAC address of the wireless router in a bid to geo-locate its victim’s machine more accurately.
Most malware just grabs the IP address of its targets and checks it against GeoIP databases to determine their location. However, the new sample, analyzed by Xavier Mertens from the SANS Internet Storm Center, performs an additional query.
It first extracts the Basic Service Set Identifier or BSSID of the WiFi router that a user is connected to, and then queries it against a free BSSID-to-geo database to better determine the location of the victim’s computer.
Cat and mouse
As per Mertens' analysis, the malware first uses the icanhazip.com database to get the appropriate location based on the IP address. It then submits the BSSID to a free BSSID-to-geo service maintained by one Alexander Mylnikov.
According to Mylnikov, his database has over 34 million BSSIDs along with their last known geographical location. He also demonstrates on his website how the information retrieved from his database can be visualized on a map.
As Mertens notes in his analysis, malware operators want to determine the location of their victims to ensure they don’t infect computers in their own country, and also when they want to target victims in specific countries.
Relying solely on IP-to-Geo databases doesn’t always yield accurate results. However, when combined with the novel approach of querying BSSIDs, it will lead to a far more accurate determination of the victim’s geographical location.
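The two-step behaviour described above (a public-IP lookup followed by a BSSID submission from the same machine) can be hunted for in web proxy logs. The following Python is an added example, not code from Mertens' analysis or from the malware; the log format, the five-minute window, the function names and the `.example` hosts are assumptions made for illustration.

```python
import re
from datetime import datetime, timedelta
from urllib.parse import urlsplit, unquote

# Public-IP lookup host named in the article; extend with others seen locally.
IP_LOOKUP_HOSTS = {"icanhazip.com"}
# A BSSID is a 48-bit MAC address: six hex octets separated by ':' or '-'.
MAC_RE = re.compile(
    r"(?<![0-9A-Fa-f])(?:[0-9A-Fa-f]{2}[:-]){5}[0-9A-Fa-f]{2}(?![0-9A-Fa-f])")
WINDOW = timedelta(minutes=5)  # assumed correlation window

def parse(line):
    """Parse 'ISO-timestamp client-ip METHOD url' (constructed log format)."""
    ts, client, _method, url = line.split(maxsplit=3)
    return datetime.fromisoformat(ts), client, urlsplit(url.strip())

def find_geo_profiling(lines):
    """Return (client, bssid, destination_host) for every request that carries
    a MAC-shaped value and follows an IP lookup by the same client in WINDOW."""
    last_ip_lookup = {}  # client -> time of its most recent IP-lookup request
    hits = []
    for line in lines:
        ts, client, url = parse(line)
        host = (url.hostname or "").lower()
        if host in IP_LOOKUP_HOSTS:
            last_ip_lookup[client] = ts
            continue
        # Decode %3A etc. so URL-encoded BSSIDs are matched as well.
        match = MAC_RE.search(unquote(url.path + "?" + url.query))
        seen = last_ip_lookup.get(client)
        if match and seen is not None and timedelta(0) <= ts - seen <= WINDOW:
            hits.append((client, match.group(0).lower(), host))
    return hits

# Constructed sample proxy log; hosts under .example are placeholders.
SAMPLE_LOG = """\
2021-01-04T09:00:01 10.0.0.21 GET http://icanhazip.com/
2021-01-04T09:00:03 10.0.0.21 GET https://bssid-geo.example/wifi?bssid=00%3A11%3A22%3AAA%3ABB%3ACC
2021-01-04T09:01:10 10.0.0.35 GET https://inventory.example/device?mac=00-11-22-33-44-55
2021-01-04T09:02:00 10.0.0.40 GET http://icanhazip.com/
2021-01-04T09:30:00 10.0.0.40 GET https://bssid-geo.example/wifi?bssid=00:11:22:aa:bb:cc
""".splitlines()

if __name__ == "__main__":
    for hit in find_geo_profiling(SAMPLE_LOG):
        print("possible location profiling:", hit)
```

Only the first client is flagged: the second sends a MAC address without a preceding IP lookup, and the third sends its BSSID outside the window. Query strings of HTTPS requests are visible only where the proxy inspects TLS.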
While this combination of double-checking a victim’s location isn’t widely adopted, according to the report, it might just be a matter of time.
Via: ZDNet
With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.