According to researchers at the cyber security firm Symantec, the software is actually used to defend the machine from the hackers and provides solution for the other malware infections.
“We have not seen any malicious activity whatsoever,” said Symantec threat intelligence officer Val Saengphaibul. “However, in the legal sense, this is illegal activity. It’s accessing computers on a network without the owner’s permission.”
Ifwatch software infect the routers with a mysterious piece of “malware” through Telnet ports, which are often protected by default security credentials that could be easily for accessed for malicious attack, and then prompts the users to change their Telnet passwords.
The software is spreading quickly around the world but found mostly in China and Brazil. It was first discovered by an independent researcher in 2014.
“We have no idea who is behind this — or what their full intention is,” Saengphaibul said.
