SOHO Router-Targeting Botnet AVrecon Infiltrates More Than 70,000 Devices in 20 Countries: How Dangerous Is This Malware Strain?
1 min read
Jul 17, 2023
A stealthy Linux malware called AVrecon has been infecting over 70,000 small office/home office (SOHO) routers, creating a botnet primarily aimed at stealing bandwidth and operating as a hidden residential proxy service.
This malicious activity enables various criminal actions, including digital advertising fraud and password spraying. Despite its large scale, AVrecon has managed to evade detection since May 2021, making it one of the most significant botnets targeting SOHO routers to date.
AVrecon, identified as a remote access trojan (RAT), successfully compromised over 70,000 Linux-based SOHO routers. However, the malware managed to bypass security detection for more than two years. At that time, it managed to infect only 40,000 devices into the botnet.
According to The Hacker News, the threat actors behind AVrecon likely focused on exploiting vulnerabilities in SOHO devices that users were less likely to patch against common vulnerabilities and exposures (CVEs). This approach allowed the botnet to operate stealthily without causing noticeable disruptions or bandwidth loss for infected device owners.
Related Articles
1 - 0 min read
Tails 5.22 Released with Various Updates & Security Fixes
1 - 0 min read
How to Keep Your Linux System Safe from Kernel Bugs
1 - 0 min read
Navigating the Complexities of Linux Security
