AVrecon malware infects 70,000 Linux routers to build botnet

[coxhaus]

This looks bad.

AVrecon malware infects 70,000 Linux routers to build botnet

Since at least May 2021, stealthy Linux malware called AVrecon was used to infect over 70,000 Linux-based small office/home office (SOHO) routers and add them to a botnet designed to steal bandwidth and provide a hidden residential proxy service.

www.bleepingcomputer.com

 

[L&LD]

Yes, it does.

If you're online, nothing is secure (not even Linux).

 

[Paliv]

Yes, it does.

If you're online, nothing is secure (not even Linux).

Especially not Linux.

 

[NoYB]

Especially not Linux.

I think Linux is pretty secure. But not 100% as with everything else. Then what do we mean by Linux? Kernel? The whole operating system and so on.

 

[sfx2000]

This looks bad.

Hmmm - is it really?

Only 70K devices?

Also noticed they didn't call out any specific vendors here...

Mostly a concern because of a lack of information...

 

[cptnoblivious]

<snip>

Mostly a concern because of a lack of information...

^ Bolding mine.

There is nothing in the article (or others I've seen) to indicate how to mitigate, what the exact issue / exploit is and what can be done.

For me that means 'business as usual' i.e. no external access to the router config, up-to-date Merlin version, ad & telemetry blocking DNS server internally pointing to a 'protected' DNS upstream that also filters out known bad domains.