AT&T's networking devices are currently being targeted by new malware called EwDoor. The malicious tool is confirmed to be exploiting an old flaw in the device model, which was discovered back in 2017.

AT&T Networking Devices' Old Flaw Now Exploited by New Malware to Conduct DoS Attacks! Thousands of US Customers Affected

The specific vulnerability exploited by the new malware is CVE-2017-6079. This flaw, a command-injection vulnerability, was first discovered by Spencer Davis, a penetration tester.

He successfully used this flaw to hack a customer's network in 2017. Now, the new EwDoor malware is said to be taking advantage of this old security issue so that the hackers behind it can easily conduct DoS (denial-of-service) attacks.

"So far, the EwDoor in our view has undergone 3 versions of updates, and its main functions can be summarized into 2 main categories of DDoS attacks and Backdoor," said the security experts involved, via Qihoo 360's official website.

AT&T Suffers From New EwDoor Malware

According to ArsTechnica's latest report, around 5,700 AT&T customers in the United States have fallen victim to the new EwDoor malware.


For customers of the telco giant, the device model currently under attack is the EdgeMarc Enterprise Session Border Controller.

This networking device is a tool that can secure and manage phone calls. SMBs are currently relying on this gadget to contact their clients and customers. 

It can also secure real-time communications, such as video conferences.

How Serious is EwDoor? 

Qihoo 360 experts explained that the new EwDoor malware specifically attacks Edgewater devices. This means that hackers behind the new malicious tool could also use the malware to exploit other old vulnerabilities. 

At the moment, security researchers say that EwDoor could conduct the following hacking activities:

  • File management
  • DDoS attack
  • Self-updating
  • Port scanning
  • Reverse shell
  • Execution of arbitrary commands


This article is owned by TechTimes

Written by: Griffin Davis
