Thousands of ASUS routers targeted by cybercriminals


Old routers and IoT devices have been identified as key targets for six large malware campaigns. Cybersecurity experts are urging users to update their devices.

Black Lotus Labs, a threat intelligence team at telecommunications company Lumen Technologies, has identified a new multi-year campaign targeting end-of-life or outdated small office/home office (SOHO) routers and IoT devices. The latest malicious campaign, which began in the first week of March 2024, was able to target over 6,000 ASUS routers in less than 72 hours, attempting to steal valuable data.

Malware known as TheMoon emerged in 2014. However, researchers noticed a huge increase in activity at the beginning of this year, between January and February, when it added over 40,000 bots from 88 countries to its network.

The majority of these bots are used as the foundation of the Faceless proxy service, widely known among cybercriminals. Black Lotus Labs data shows that TheMoon malware has enabled the Faceless bot network to grow at a rate of nearly 7,000 new users per week.

"The attackers behind Faceless are using the botnets from this malware to create an anonymous proxy network by abusing outdated and unsupported routers to run their criminal networks. We believe these cybercriminals are using these networks to steal data and information from their victims, including the financial sector," said Mark Dehus, senior director of threat intelligence at Lumen Black Lotus Labs, in a press release.

A proxy service gives its users the ability to impersonate a legitimate user in a chosen country. Faceless doesn't require customer identification, allowing users to stay anonymous as they send malicious traffic through the routers.

"TheMoon malware is a serious threat not only to the owners of the compromised SOHO devices, but also the victims exploited through this anonymous proxy network," continued Dehus. "We urge consumers to update and secure their devices to prevent them from becoming part of these malicious networks."

