D-Link routers under control of AryStinger botnet
5 hours ago
- #router security
- #botnet
- #cyber threats
- The AryStinger botnet has infected thousands of end-of-life D-Link routers and some NAS devices.
- These compromised devices are used as 'Executors' for distributed scanning, acting as proxies and creating tunnels for attackers.
- The botnet primarily conducts reconnaissance at scale, scanning networks and identifying vulnerable services.
- AryStinger can tamper with DNS settings, redirecting traffic to malicious sites and monitoring all network traffic.
- Infected devices pose risks including privacy breaches, potential liability from malicious activities, and further network infiltration.
- Symptoms of infection may include slower connectivity, unexplained DNS failures, or unusual outbound traffic spikes.
- The recommended solution is to replace end-of-life routers and NAS devices, as they no longer receive security updates.
- If replacement is not immediate, steps include updating firmware, changing default passwords, disabling remote management, and using strong Wi-Fi encryption.