Get all your news in one place.
100’s of premium titles.
One app.
Start reading
TechRadar
TechRadar
Sead Fadilpašić

Thousands of Asus routers taken over by malware to form new proxy service

A white padlock on a dark digital background.

Thousands of old, outdated Asus routers are being targeted by a new version of “TheMoon” malware botnet, turning them into a network of devices used by a criminal residential proxy service.

Researchers from Black Lotus Labs claim the campaign started in early March 2024 and within 72 hours, compromised roughly 6,000 Asus routers. 

These routers are older and past their end-of-life date, prompting the researchers to speculate that the hackers were most likely abusing a known vulnerability to deploy the malware.

Becoming Faceless

While Asus routers do make up the majority of the infected devices, they’re not the only ones. Black Lotus says that roughly 7,000 new endpoints are being added to the botnet every week. They are located all over the world, so no specific geography seems to be preferred. Other methods of breaching the devices include brute-force attacks and credential stuffing.

Once the devices are infected, they become part of the Faceless proxy service, a known dark web tool that hackers use to hide their online activities, BleepingComputer explained. Among the groups using Faceless are IcedID and SolarMarker. 

"Through Lumen's global network visibility, Black Lotus Labs has identified the logical map of the Faceless proxy service, including a campaign that began in the first week of March 2024 that targeted over 6,000 ASUS routers in less than 72 hours," Black Lotus explained. 

Threat actors interested in Faceless’ services can only pay with cryptocurrencies, and do not require to verify their identities. What’s more, they keep their infrastructure a secret by having each device communicate with just one server, for as long as it’s infected. A third of infections last more than 50 days, while roughly 15% get eliminated within two days. 

The best way to defend against these threats is to make sure your routers are always updated and that they have a strong password.

More from TechRadar Pro

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
One subscription that gives you access to news from hundreds of sites
Already a member? Sign in here
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.