1 min read

New Malware Uses WiFi BSSID to Determine the Victim's Location

Silviu STAHIE

January 06, 2021

Promo Protect all your devices, without slowing them down.
Free 30-day trial
New Malware Uses WiFi BSSID to Determine the Victim's Location

A security researcher has identified a new malware sample that uses an interesting technique to determine the potential victim’s location, without using the various GeoIP API services.

Some hackers don’t want to draw attention to their activities in the countries they operate from, and they usually give their attacks features that let them determine the location of a target. It also allows them to target specific countries.

Threat actors use GeoIP API services for this task, but it turns out there are other ways to find out the location that don’t require access to those APIs. Security researcher Xavier Mertens found a malware sample that initially queries for the victim’s public IP address with the help of icanhazip.com.

On the second step, though, the malware uses another service, ‘api.mylnikov.org.’

“This free service provides geolocation data for WiFi MAC addresses or BSSID,” says Mertens. “This is also useful to detect the location of the victim. The malware submits the MAC address of the default gateway (in my VM environment) or the BSSID (the MAC address of the wireless access point).”

The API returns the latitude and longitude in the JSON data, which is more than enough to find the country and city of origin. Bad actors always update their malware with new features and functionalities that let them bypass security measures or add new capabilities.

This is only a sample, but there’s no reason to believe that it’s not already implemented in active pieces of malware.

tags


Author


Silviu STAHIE

Silviu is a seasoned writer who followed the technology world for almost two decades, covering topics ranging from software to hardware and everything in between.

View all posts

You might also like

Bookmarks


loader