Linux.Wifatch

[2] Linux.Wifatch operates in a manner similar to a computer security system and updates definitions through its Peer to Peer network and deletes remnants of malware which remain.

[4] According to its authors the idea for Linux.Wifatch came after reading the Carna paper.

[5] Linux.Wifatch was later released on GitLab by its authors under the GNU General Public License on October 5, 2015.

[6] Linux.Wifatch's primary mode of infection is by logging into devices using weak or default telnet credentials.

[2][4] Once infected, Linux.Wifatch removes other malware and disables telnet access, replacing it with the message "Telnet has been closed to avoid further infection of this device.

A pie chart showing the architectures affected by Linux.Wifatch.
Linux.Wifatch affects multiple architectures . ARM accounts for 83%, MIPS accounts for 10%, and SH4 accounts for 7%. [ 2 ]