2

My computer was hacked, which probably resulted in malware/a virus being installed so I'm using my most recent backup on a separate machine (all macOS). Luckily, I was able to determine the timing of the attack exactly, so I know the backup is clean and my separate machine should be good to go. But I wonder: is it safe to reuse the same wifi router and mouse—which I used with the infected computer—with my clean computer?

To be clear, I have wifi turned off on the infected machine, and I have reset my wifi router to factory settings and then changed the network name and password, so the infected computer couldn't connect to the internet even if it tried. Bluetooth is off on the infected machine also. I'm not worried about my dirty computer reinfecting the clean one. I am worried about the dirty computer having already infected my router, malware somehow surviving the router being reset, and now reinfecting my clean machine that's now connected to the router. I don't know for a fact whether a factory reset really would get rid of a virus that had made it onto my router. It seems like a great strategy for a virus to infect a router and then spread to computers users think are clean.

I have already learned that I should not reuse my keyboard. But what about my mouse and my wifi router?

Curious-Programmer
  • 21
  • 3

1 Answers1

1

Despite it sounds strategically good, multiplatform malware that would infect both the computer and the router are rare. That's probably because such malware would require two set of vulnerabilities to abuse, and therefore only be effective against a certain pair of computer OS and router model. That would only be practical in targeted attacks, but not for malware spreading in wild.

Unless the root cause for your infection was that the router was hijacked and used to lure you to download something malicious, it's likely safe to use it. Just don't forget to change the administrative password of the router, too. Most routers are hijacked simply by using default passwords instead of firmware vulnerabilities.

Esa Jokinen
  • 16,100
  • 5
  • 50
  • 55
  • Thanks. What do you mean by "administrative password"? – Curious-Programmer Dec 27 '20 at 06:54
  • The password you use to login to the router and configure it. – Esa Jokinen Dec 27 '20 at 06:55
  • Hmm, it depends what the threat scenario is, don't you think? Suppose the OP is someone like Assange, Manning, or Snowden, I think _some_ attempt to persist _somewhere_ in the network will have been made. So was it a targeted attack, or was it more of a drive-by exploit that happened to affect the OP. Threat analysis IMO makes all the difference for most questions on this site. – 0xC0000022L Dec 29 '20 at 00:32
  • In this particular case, it seems to have been more of a "drive-by exploit," as you phrased it. But I agree that threat analysis makes all the difference; for those coming here after having become the victim of a targeted attack, they may choose to treat all their electronics like they've been infected with bed bugs: burn those devices far away and just walk away from the ashes. – Curious-Programmer Dec 29 '20 at 00:37