Lumen Black Lotus Labs has uncovered a sophisticated hacking campaign involving the AVrecon malware, which specifically targets small office/home office (SOHO) routers.
Despite being first spotted in May 2021, AVrecon has operated stealthily for more than two years, infecting over 70,000 devices in 20 countries. The campaign aims to build a vast botnet for various criminal activities, including password spraying and digital advertising fraud. This Linux-based Remote Access Trojan (RAT) targets ARM-embedded devices and communicates with multiple command-and-control servers, making it one of the largest SOHO router botnets in recent history, as detected by Black Lotus Labs, with 41,000 nodes identified in a 28-day window.
The AVrecon malware demonstrates a high level of sophistication, as it stealthily infects small office/home office (SOHO) routers, evading detection for over two years. The malware, discovered by Lumen Black Lotus Labs, aims to build a massive botnet for various nefarious activities, such as password spraying and digital advertising fraud.
With its ability to target ARM-embedded devices and communicate with multiple command-and-control servers, AVrecon has infected over 70,000 devices across 20 countries. The researchers identified 41,000 nodes communicating with second-stage C2 servers within a 28-day period, signifying the extensive reach and impact of this cyber threat.
The AVrecon malware campaign poses a significant cybersecurity threat, as it targets SOHO routers in a long-running hacking operation. Lumen Black Lotus Labs’ analysis revealed the malware’s use of a Linux-based Remote Access Trojan (RAT) named AVrecon, which operates stealthily and has been active for more than two years. The threat actors aim to build a large botnet for various criminal activities, including password spraying and digital advertising fraud.
With over 70,000 devices infected in 20 countries, this cyber attack is one of the most significant SOHO router botnets ever detected, prompting security experts to take notice of its scale and complexity.
The AVrecon malware, discovered by Lumen Black Lotus Labs, is causing concern as it stealthily targets small office/home office (SOHO) routers and has already infected more than 70,000 devices across 20 countries.
This highly sophisticated hacking campaign has been active for over two years, evading detection while aiming to create a substantial botnet. With its focus on ARM-embedded devices and multiple command-and-control servers, AVrecon has become one of the largest SOHO router botnets on record, underlining the need for heightened cybersecurity measures to counter this significant threat.
