31
TheMoon malware infects 6,000 ASUS routers in 72 hours for proxy service
(www.bleepingcomputer.com)
c/cybersecurity is a community centered on the cybersecurity and information security profession. You can come here to discuss news, post something interesting, or just chat with others.
THE RULES
Instance Rules
Community Rules
If you ask someone to hack your "friends" socials you're just going to get banned so don't do that.
Learn about hacking
Other security-related communities [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected]
Notable mention to [email protected]
Wondering if this can affect routers running custom firmware as well, such as AdvancedTomato.
In this particular case, the method of infection of the router was not disclosed. However, typically, the most common methods involve an open administration port to the internet (user interface or TR-069) or through the internal interface, in case a network host has been compromised.
They often perform brute-force password attacks, and once access is obtained, they look for typical Linux administrative tools (such as bash, etc.) and proceed to compromise the router.
So I understand that a router with custom firmware can be compromised if it has a weak password and resources to maintain the infection, or of course, a vulnerability that is exploitable.