“It’s obvious that Satori is under active development,” says Matt Bing of NetScout Arbor, a cybersecurity firm.
As a result, it’s been evolving quickly. It began by targeting routers in Latin America and Egypt. When internet service providers in those places blocked it late last year, a new variant appeared, aimed at computers mining digital currency. Now it’s morphed again. The latest version targets software associated with ARC processors, which provide the silicon brains for a wide range of internet-of-things devices, including some smart thermostats, digital TV set-top boxes, and car infotainment systems.
What you can do to keep the zombies at bay
Changing default passwords and settings on connected devices is critical, as is applying any software updates promptly. And if your home broadband slows dramatically—which could be a sign it’s being used in a web attack—ask your internet service provider to check what’s happening. If you tell them you think your router may have been zombified, they won’t think you’re a weirdo.