FBI FLASH Notice: Malware Attacks on Consumer Routers
The FBl has issued a FLASH notice naming 18 widely used router modes that were targeted in a large malware attack. The affected devices include routers from D-Link, Netgear, TP-Link, and Zyxel. According to the notice, attackers exploited known vulnerabilities to install malware called AVrecon, then turned those compromised routers into residential proxies.
Residential proxies let criminals route their activity through ordinary home networks, which makes it much harder to trace what they are doing, In plain English, they are effectively paying for access to your connection so they can hide behind your IP address. The FBl estimates access to roughly 369,000 devices has been sold since 2020, spanning more than 160 countries.
This is another reminder that old, internet-facing infrastructure does not just become “out of date.” It becomes someone else’s infrastructure. The good news is that many of these devices do have firmware patches available from the manufacturers. If you are running one of these routers, check the vendor site, update the firmware, disable remote administration if you do not need it, and replace the device entirely if it is no longer supported.
For more information: https://www.ic3.gov/CSA/2026/260312.pdf
