Is your router outdated? Millions are at risk as a new variant of TheMoon malware infects devices in just 72 hours. Learn how to protect yourself from this cyberattack and secure your home network.
A multi-year campaign targeting vulnerable home and small business routers has come to light thanks to a recent report by Black Lotus Labs, a security research team at Lumen Technologies. The campaign leverages an updated version of a well-known malware strain called “TheMoon.”
TheMoon malware first emerged in 2014 and has a history of exploiting weaknesses in routers and Internet of Things (IoT) devices. This latest campaign, however, appears to be particularly widespread, infecting devices across 88 countries.
According to the Black Lotus Labs report, the attackers primarily focused on end-of-life (EoL) routers, meaning devices no longer receive security updates from the manufacturer. ASUS routers were the most targeted, with over 6,000 infected in just 72 hours in early March 2024.
The attackers’ goal appears to be the creation of a large network of compromised devices. By infecting routers and IoT devices, they can add them to a service known as “Faceless.” Faceless operates as a proxy service, allowing malicious actors to anonymize their online activities. This anonymization can make it difficult to track the source of cyberattacks and other criminal operations.
Jason Soroko, Senior Vice President of Product at Sectigo told Hackread.com that, “Routers and other networking equipment that use passwords have been easy victims to pray and spray attacks for years.“
“Unfortunately, stronger forms of authentication are not common. What’s new here is the usage of proxy networks for C2 traffic obfuscation. It shows that de-anonymizing Tor and VPN traffic is not only happening but has been successfully used against attackers,“ Jason added.
To protect your devices from the latest variant of TheMoon malware or similar attacks; always follow these steps:
- Update your router and IoT devices regularly. Check the manufacturer’s website for instructions on how to update the firmware for your specific device.
- Disable remote access to your router. This can be done through the router’s administration panel.
- Use strong passwords for your router and Wi-Fi network. Avoid using easily guessable passwords or default settings.
- Consider a security solution for your home network. There are several security products available that can help to protect your network from malicious activities.
There are many more technical details and aspects addressed in the Black Lotus Labs blog post.
RELATED TOPICS
- How To Keep Your Router And WiFi Safe From Hackers
- DDoS Botnet ‘Condi’ Targets Vulnerable TP-Link AX21 Routers
- Russian Hackers Target Ubiquiti Routers for Data, Botnet Creation
- D-Link home routers plagued with critical & multiple vulnerabilities
- 415,000 routers infected by crypto malware – Prime target MikroTik