Chameleon: the Wi-Fi Virus That Hides in Plain Sight & Spreads Like a Cold

By on Mar 05, 2014

Recently, a group of researchers at the University of Liverpool successfully tested a new virus with a terrifying potential. It doesn’t spread by the usual means; instead, this new infection has all the markings of a communally spread illness. The virus, dubbed “Chameleon,” infects Wi-Fi networks in densely populated areas and spreads “as efficiently as the common cold spreads between humans.” Chameleon heralds a new era of technological viruses, and one that we must prepare for.

Unlike most malware and viruses previously discussed on my blog, Chameleon doesn’t infect computers or mobile devices. Instead, it opts to infect access points. Access points are outlets within a network where a device, whether wirelessly or not, connects to the Internet. In this case, Chameleon purposefully targets access points—usually in the form of a wireless router—that use default passwords, no passwords or weak encryption standards. Once an access point is infected, a hacker can easily determine the credentials of the devices connected to that access point and use them to further perpetuate their attack.

These access points are particularly vulnerable for a few reasons: 1) the default settings on these devices are rarely changed by consumers, making it easier for hackers or viruses to bypass security with known default passwords; 2) routers rarely have any built-in antivirus protections, leaving a massive hole open for exploitation by hackers; and finally, 3) many wireless networks, especially those at coffee shops, are intentionally left open for people to easily access the connection. The unsecured nature of public networks makes them a lucrative target for hackers looking to collect a large amount of data fast.

At present in the U.S., this threat is only a proof-of-concept (in that it hasn’t actually been discovered publicly, or in the wild, and was instead created by researchers in a controlled environment). In Asia and Europe, however, actual attacks on home office wireless routers are very much a reality. This week, an attack on more than 300,000 routers was discovered overseas. This attack stems from a different virus than the Chameleon strain discussed here—but it goes to show the threat is very real. The sheer number of home routers and gateways that are vulnerable to attacks makes them a very attractive target to cybercriminal groups.

And, as with a cold, the success of this virus depends on population density. The more Wi-Fi networks with overlapping access points, the more likely an infection will occur and the more likely the virus will spread. What’s worse is that Chameleon can spread largely undetected precisely because it infects wireless networks, not computers or smartphones where security programs can pick up on the suspicious behavior. All it has to do is infect a router and wait to collect data sent through the router from connected devices.

Luckily, were Chameleon ever to see the light of day, it could easily be defended against. All users have to do is secure their network router with strong, unique passwords.
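The density effect and the password defense described above can be seen in a toy model. This is an added illustration, not code from the researchers or from this blog: access points are random points in a square, an infection passes only between access points whose coverage overlaps, and a hardened access point (strong, unique password) never becomes infected. The radio range, area size, access point counts and hardened shares are all assumed values.

```python
import math
import random
from collections import deque

def spread(aps, radio_range, seed_index=0):
    """Return indexes of APs reachable from the first compromised AP.

    aps: list of (x, y, hardened). A hardened AP (strong, unique password)
    is never compromised, so it also cannot relay to its neighbours.
    """
    infected = {seed_index}
    queue = deque([seed_index])
    while queue:
        xi, yi, _ = aps[queue.popleft()]
        for j, (xj, yj, hardened) in enumerate(aps):
            if j in infected or hardened:
                continue
            if math.hypot(xi - xj, yi - yj) <= radio_range:  # overlapping coverage
                infected.add(j)
                queue.append(j)
    return infected

def mean_infected_share(n, hardened_fraction, side=500.0, radio_range=50.0,
                        trials=30, seed=1):
    """Average share of n randomly placed APs compromised per trial."""
    rng = random.Random(seed)  # fixed seed: repeatable runs
    total = 0.0
    for _ in range(trials):
        aps = [(rng.uniform(0, side), rng.uniform(0, side),
                rng.random() < hardened_fraction) for _ in range(n)]
        aps[0] = (aps[0][0], aps[0][1], False)  # AP 0 starts out compromised
        total += len(spread(aps, radio_range)) / n
    return total / trials

if __name__ == "__main__":
    # Constructed scenarios: AP count in an assumed 500 m square, share hardened.
    for n in (20, 200):
        for frac in (0.0, 0.5, 0.9):
            share = mean_infected_share(n, frac)
            print(f"{n:>3} APs, {frac:.0%} hardened -> {share:.1%} compromised")
```

In sparse layouts the infection stalls near its starting point, and in dense layouts raising the hardened share breaks the chains of overlapping coverage it depends on.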

We’ve discussed the importance of securing your networks and your devices before. The advent of the airborne computer virus only reinforces that point because, in all likelihood, it’s only a matter of time until a virus like Chameleon hits the streets.

So what can you do to protect yourself against Wi-Fi viruses such as this one? Here are a few suggestions:

  • Protect your Wi-Fi network with a password. The good news about Chameleon is that it’s fairly easy to defeat: just secure your network by placing a password on your wireless router. It’s just another reason to take standard security steps to head off hackers.
  • Control which devices have access to your wireless router. In your router’s advanced settings, you can restrict access to just your family’s devices by using MAC address filtering. Manufacturers typically set this filtering feature to “off” as it requires a bit of effort to set up, but the extra step is well worth it to protect your data and devices. For additional tips on protecting your wireless connection, go here.
  • Avoid using public networks. There are plenty of reasons to avoid using public networks, but Chameleon underlines one in particular: you don’t know if that public connection is protected, sufficiently encrypted or if it has been compromised. That uncertainty can cost you your banking and social information—while leaving your device equally exposed. If you can’t avoid using public networks, then protect your devices, from laptops to smartphones, with McAfee LiveSafe.


Gary Davis


  1. Whenever I try to open files it opens something called ‘Chameleon Explorer Pro.’ It is annoying, and I even uninstalled it but it persists. Is this the same thing? Or just a program that somehow got installed, but ironically has the same name?

  2. Just reading these comments now, because it’s been about a month that my PC and all IOT electronics have been hacked. They were silent initially, now I have to install new PC O.S. just to get online, which lasts an hour or two until they take “root” and lock me out of my own PC. Went to regedit and found files/folders on all my electronics, including zip drives, Onkyo receiver, BD player, etc. All of our issues may have different origins, but pretty sure mine is Vm Linux based and hosted by hacker of some sort. Sounds like TDL-4 but highly evolved version with firmware, router, and USB infecting capabilities that can hide from the AV software. Hope the best for all of you, let me know if this has a solution. Thank you.

  3. Chameleon has ruined so much for me and my husband. And while the FBI, FTC and local police have taken our reports seriously, my husband's employer Apple scoffs at the concept. My husband works from home for Apple as Chat IOS support. Our home PC was infected probably in November but we discovered it in Feb and have been dealing with this mess since then. The hackers have fried 3 Android devices plus 3 Kindles. And rebooted and erased one iPad. I went through 2 brand new Galaxy Note 3s last week bc the hackers would toggle my VPNs thus gaining access all over again to our routers. They wanted the Mac that would access the hackers to the world of Apple and Apple accounts I believe. Why else.. The hackers made contact with us eventually and harassed us. They left Google Maps up on the Mac with pins dropped on our house. They texted me after we learned they were listening and watching us. They thought it was funny to mock our fights and pick a side…. I have screenshots of one incident where after I talked into my phone camera (yeah I sound crazy but it's been confirmed thank god I'm not.) to the hackers and called them crackers and mocked their inefficiency at just wiping our network out and not being able to get to the Mac. Bad idea. They basically said they were coming for us. Hence the police FBI and FTC now investigation. We know this exists. We have documented every step and every attack. We took screenshots using a Canon not on a device with Wifi. We have thousands of black and or blurry pics on my phone where they'd turn the camera and microphone on randomly. My husband's iPhone and Apple account were wiped out bc my husband fought back for his data and thus locked him from accessing Apple and work. He was on verge of losing his JOB bc he couldn't log into work without his account. He went without a phone for almost 3 weeks as Apple reclaimed his account. Apple has replaced his work Mac twice. They just fried the last one yesterday trying to take over the BIOS.

    VPNS on EVERY device is a must have. I keep 4 installed just in case.. Oh yes we had to get back accounts and they took over our att accounts and are sending texts to this very day. Apparently I sent 1200 texts the other day. And my freedome VPN says it blocks 1500 attacks daily… My data plan which is gigantic was used up in a matter of 2 weeks after we had a DDOS and lost access. They rerouted my calls and texts.

    After all this damage… Why is no one talking MORE ABOUT THIS and why did this malware become personal and relentless once we began to fight back??

  4. Sounds just like a scam, Web browser can't detect a compromise so if you call that and they ask for money, it is 100% a scam.
