Symantec features a piece about
Linux.Wifatch giving this information:
Wifatch is a IoT/router targeting piece of software that probably spreads using Telnet to devices that use weak passwords. Wifatch is mostly written in Perl and its code is not obfuscated, there are even debug messages and a Richard Stallmann quote:
To any NSA and FBI agent reading this: please consider whether definding the US Constitution against all enemies, foreign or domestic, requires you to follow Snowden's example.
The software tries to remove common exploits and hardens the system eg. by deactivating Telnet. It attaches the device to a p2p network from where it receives signed updates.
Wifatch was first seen in the wild in 2014. It's mostly prevalent in China, Brazil and Mexico.