New Malware Uses WiFi BSSID to Determine the Victim's Location
A security researcher has identified a new malware sample that uses an interesting technique to determine the potential victim’s location, without using the various GeoIP API services.
Some hackers don’t want to draw attention to their activities in the countries they operate from, and they usually give their attacks features that let them determine the location of a target. It also allows them to target specific countries.
Threat actors use GeoIP API services for this task, but it turns out there are other ways to find out the location that don’t require access to those APIs. Security researcher Xavier Mertens found a malware sample that initially queries for the victim’s public IP address with the help of icanhazip.com.
On the second step, though, the malware uses another service, ‘api.mylnikov.org.’
“This free service provides geolocation data for WiFi MAC addresses or BSSID,” says Mertens. “This is also useful to detect the location of the victim. The malware submits the MAC address of the default gateway (in my VM environment) or the BSSID (the MAC address of the wireless access point).”
The API returns the latitude and longitude in the JSON data, which is more than enough to find the country and city of origin. Bad actors always update their malware with new features and functionalities that let them bypass security measures or add new capabilities.
This is only a sample, but there’s no reason to believe that it’s not already implemented in active pieces of malware.
Ultimate Privacy Guide for Your Facebook Account
August 31, 2021
7 Signs It’s Time to Use Parental Controls On Your Family’s Devices
August 27, 2021
Your Netflix Account May Be on Sale on Darkweb. Protect It
August 13, 2021
Watch Out for These Ongoing Bank of America Phishing Campaigns Targeting Customers in the US
July 16, 2021
How to protect yourself against cyberstalking
July 06, 2021
FOLLOW US ON
You might also like
September 23, 2021
September 23, 2021
September 22, 2021