SANS Internet Storm Center's Xavier Mertens recently discovered a new malware strain that collects an infected user's Basic Service Set Identifier (BSSID), which is the MAC (physical) address of the wireless router or access point being used to connect via Wi-Fi.
The malware checks the BSSID against a free database of known BSSIDs and the last geographical location where they have been seen, allowing the malware to determine the physical location of the Wi-Fi access point—and the victim.
Typically, malware operators check the victim's IP address against an IP-to-geo database, but the results often are inaccurate.
This new method using the BSSID potentially could be adopted by other malware operators to double-check a victim's geographical location.
Determining the victim's location is important for malware operators looking for victims inside specific countries, or those seeking to avoid infecting victims in their native country to evade law enforcement.
Abstracts Copyright © 2021 SmithBucklin, Washington, DC, USA