ASUS router backdoors affect 9K devices, persist after firmware updates
a year ago
- Thousands of ASUS routers compromised with malware-free backdoors.
- Backdoors persist through reboots and firmware updates.
- Campaign potentially building a future botnet.
- Threat actors exploit vulnerabilities and legitimate router features.
- Attacks first detected by GreyNoise’s AI-powered Sift tool in mid-March.
- Sekoia.io reports broader campaign dubbed ViciousTrap.
- Attackers gain access via credential brute-forcing and authentication bypass flaws.
- SSH access established on TCP/53282 with attacker-controlled public keys.
- Backdoor configuration stored in NVRAM, resistant to removal.
- Factory reset recommended for compromised devices.
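
A defender-side check for the SSH listener on TCP/53282 described above, as an added example that is not code from GreyNoise, Sekoia.io or ASUS: it connects to that port on routers you administer and reports whether an SSH identification string comes back. The function names and the address in the usage comment are assumptions made for this example.

```python
import socket
import sys

BACKDOOR_PORT = 53282  # TCP port reported on this page for the rogue SSH listener

def classify_banner(data: bytes) -> str:
    """Classify the first bytes a service sent after connect.

    RFC 4253: an SSH server's identification line starts with "SSH-"
    and may be preceded by other lines.
    """
    if not data:
        return "silent"
    for line in data.split(b"\n"):
        if line.startswith(b"SSH-"):
            return "ssh"
    return "other"

def check_host(host: str, port: int = BACKDOOR_PORT, timeout: float = 3.0) -> str:
    """Return 'closed', 'ssh', 'other' or 'silent' for host:port."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            try:
                data = sock.recv(256)
            except OSError:      # read timeout or reset: port open, no banner
                data = b""
    except OSError:              # refused, filtered or unreachable
        return "closed"
    return classify_banner(data)

def sweep(hosts):
    """Map each host to its check_host() result."""
    return {h: check_host(h) for h in hosts}

if __name__ == "__main__":
    # Usage: python check_53282.py 192.168.1.1   (address is a placeholder)
    results = sweep(sys.argv[1:])
    for host, state in results.items():
        flag = "INVESTIGATE" if state == "ssh" else "ok" if state == "closed" else "review"
        print(f"{host}:{BACKDOOR_PORT} {state} [{flag}]")
    sys.exit(1 if "ssh" in results.values() else 0)
```

An `ssh` result is a reason to inspect the router's SSH settings and authorized public keys; a `closed` result only covers the interface the check was run against.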