The FBI has issued a public service announcement warning that cybercriminals are exploiting outdated routers for illicit activities. These routers, no longer receiving software updates or security patches, are being turned into anonymous proxies, helping criminals conceal their digital activities. The FBI has identified several vulnerable router models, mostly from Linksys and Cisco brands, that are being actively targeted. Routers from as early as 2010 are at risk, and the FBI urges users to replace them to prevent compromise.
The threat actors are using the TheMoon malware botnet to exploit these outdated devices. This malware, first discovered in 2014, doesn’t require passwords to infect routers.
Instead, it scans for open ports, sends malicious commands, and receives instructions from command-and-control servers operated by hackers. Once installed, the malware creates rules to block incoming traffic while allowing communication with the attacker, ensuring ongoing control of the compromised router.
These compromised devices are connected to proxy services, like Anyproxy and 5Socks, which sell access to hijacked routers as part of proxy networks. Criminals use these proxies to conceal their true IP addresses while committing illegal activities, such as cryptocurrency theft and fraud. The anonymity these proxies offer enables a range of cybercrimes without the risk of easy traceability, making it difficult for authorities to track the perpetrators.
To protect against these growing attacks, the FBI recommends replacing outdated routers with newer models, applying firmware updates, and disabling remote administration. Users should also implement strong passwords and reboot their routers regularly to prevent malware persistence. Regularly replacing old routers and maintaining good security hygiene are key to mitigating this increasingly common and dangerous threat.
Reference:
