Security News > 2024 > March > TheMoon malware infects 6,000 ASUS routers in 72 hours for proxy service
A new variant of "TheMoon" malware botnet has been spotted infecting thousands of outdated small office and home office routers and IoT devices in 88 countries.
Black Lotus Labs researchers monitoring the latest TheMoon campaign, which started in early March 2024, have observed 6,000 ASUS routers being targeted in under 72 hours.
The threat analysts report that malware operations such as the IcedID and SolarMarker currently use the proxy botnet to obfuscate their online activity.
The malware's latest campaign has been seen infecting nearly 7,000 devices in a week, with Black Lotus Labs saying they primarily target ASUS routers.
Despite the clear connection between TheMoon and Faceless, the two operations appear to be separate cybercrime ecosystems, as not all malware infections become part of the Faceless proxying botnet.
PurpleFox malware infects thousands of computers in Ukraine.