The White Team: Mystery hackers behind malware safeguarding 10,000 routers

A group of hackers going by the name “The White Team” have come forward and taken the responsibility for a white hat malware that compromised over 10,000 routers to improve the security of the devices.

The group has contacted Symantec, the security software company that identified the mysterious malware, and has published the source code for Linux.Wifatch, the software that hacked into the routers to clean them of malware, illegal Bitcoin miners and other dangerous code.

In the Q&A posted along with the source code on GitLab, the White Team explains the reason for creating the software saying, “First, for learning. Second, for understanding. Third, for fun, and fourth, for your (and our) security. Apart from the learning experience, this is a truly altruistic project, and no malicious actions are planned (and it is nice touch that Symantec watch over this).”

Regarding infecting other users’ devices, the group believed that they were in the right saying, “The amount of saved bandwidth by taking down other scanning malware, the amount energy saved by killing illegal bitcoin miners, the number of reboots and service interruptions prevented by not overheating these devices, the number of credentials and money not stolen should all outweigh this.”

Talking about the total number of infected devices, The White Team said that it is quite difficult to estimate the exact size of a network that constantly changes.

“We enumerate the whole core network (the so-called "bn" component) multiple times a day, and the usual number of Wifatch instances is 60000 (and almost never exceeding 120000). Only these are currently being protected and disinfected”, it said.

Mario Ballano, the Symantec employee who revealed the malware originally, confirmed to Forbes that the signatures posted on GitLab matched those in the Wifatch code he’d explored.

“Those guys are the real deal… It’s the real source code, it’s public and now even licensed,” he noted.