bleepingcomputer[.]com/news/security/themoon-malware-infects-6-000-asus-routers-in-72-hours-for-proxy-service/
A new variant of the "TheMoon" malware botnet has been spotted infecting thousands of outdated small office and home office (SOHO) routers and IoT devices in 88 countries. TheMoon is linked to the "Faceless" proxy service, which uses some of the infected devices as proxies to route traffic for cybercriminals who wish to anonymize their malicious activities.
Black Lotus Labs researchers monitoring the latest TheMoon campaign, which started in early March 2024, have observed 6,000 ASUS routers being targeted in under 72 hours.
The threat analysts report that malware operations such as IcedID and SolarMarker currently use the proxy botnet to obfuscate their online activity.
To defend against these botnets, use strong admin passwords and upgrade your device's firmware to the latest version that addresses known flaws. If the device has reached EoL, replace it with an actively supported model. Common signs of malware infection on routers and IoT devices include connectivity problems, overheating, and suspicious setting changes.