If a computer virus could ever be described as benevolent, this one probably comes closest.

Software that researchers have titled Wifatch.Linux has taken over an estimated tens of thousands of home Internet routers worldwide, cybersecurity company Symantec said Thursday. But it’s not, at least not yet, a piece of malware that tries to overwhelm computers, steal sensitive information, tamper with files or make you pay to access your device.

Instead, Wifatch comes off as a good guy, attempting to rid routers of harmful viruses. It also shuts down a communications feature on routers that’s widely seen as unsecure. If someone then tries to access the shuttered service, it tells users to change their passwords or install a security patch. And though Wifatch opens a virtual back door on routers, it’s devised a sort-of lock that deters anyone but the Wifatch creator from entering through it.

“For all intents and purposes, it appeared like the author was trying to secure infected devices instead of using them for malicious activities,” Symantec’s Mario Ballano said in an online post.


After Wifatch was spotted several months ago, Symantec let it infect some of its test devices operating around the world. The largest contingents of affected devices appear to be in China and Brazil, Symantec said. But researchers haven’t spotted Wifatch doing anything bad in that span. Nor have they been able to identify the supposed vigilante.

At the end of the day, Wifatch “is a piece of code that infects a device without user consent and in that regard is the same as any other piece of malware,” Ballano said.

It’s difficult for a home user to determine if their device is infected, but resetting a router should scrub it away, he said.



Chat with me on Twitter @peard33