Security researchers at Symantec have released a report about a piece of Internet of Things (IoT) malware that has them fairly flummoxed. Thousands of devices, mostly in China, Brazil and Mexico, have been infected with a Perl-based malware called Linux.Wifatch which connects them to a peer-to-peer (P2P) network. So far, that seems like fairly typical malware behavior, but then things get strange.
Instead of delivering a malicious payload to the routers, smart home appliances and other devices it has infected, Linux.Wifatch appears to deliver threat updates that actually harden their security. "The further we dug into Wifatch's code the more we had the feeling that there was something unusual about this threat. For all intents and purposes it appeared like the author was trying to secure infected devices instead of using them for malicious activities," said the report.
At this point no one knows who is behind Linux.Wifatch and whether that person's intentions are ultimately good or evil.