AVrecon malware infects 70,000 Linux routers to build botnet
Since at least May 2021, a stealthy Linux malware called AVrecon has been used to infect over 70,000 Linux-based small office/home office routers and add them to a botnet designed to steal bandwidth and provide a hidden residential proxy service.
According to Lumen's Black Lotus Labs threat research team, while the AVrecon remote access trojan compromised over 70,000 devices, only 40,000 were added to the botnet after gaining persistence.
The malware has largely managed to evade detection since it was first spotted in May 2021 when it was targeting Netgear routers.
"Threat actors are using AVrecon to proxy traffic and to engage in malicious activity like password spraying. This is different from the direct network targeting we saw with our other router-based malware discoveries," said Michelle Lee, threat intelligence director of Lumen Black Lotus Labs.