FBI Warns of Compromised Routers in Ongoing Malware Operation
Severity: High (Score: 69.5)
Sources: Housedigest, Aol, Bgr
Summary
The FBI has issued a warning about 18 popular router models that have been compromised in a malware operation, as detailed in a FLASH notice dated March 12, 2026. These routers, including models from D-Link, Netgear, TP-Link, and Zyxel, were exploited through vulnerabilities such as remote code execution and command injection. The malware, referred to as AVrecon, has affected approximately 369,000 devices globally since 2020, with thousands of devices being sold as residential proxies to hide the identities of cybercriminals. The FBI's earlier advisory in May 2025 listed 12 outdated routers that posed significant security risks due to lack of manufacturer support. Users are urged to ensure their devices are updated and to replace any end-of-life routers. The operation has affected devices in the U.S. and over 160 other countries, highlighting the global reach of this cyber threat. The FBI emphasizes the importance of regular software updates to mitigate such risks.
Key Points
- The FBI identified 18 compromised router models in a March 2026 FLASH notice.
- The malware AVrecon has affected approximately 369,000 devices since 2020.
- Users should replace outdated routers and ensure devices are regularly updated.
Key Entities
- Botnet (attack_type)
- Malware (attack_type)
- Austria (country)
- France (country)
- Netherlands (country)
- AVrecon (malware)
- TheMoon (malware)
- T1059 - Command and Scripting Interpreter (mitre_attack)
- T1105 - Ingress Tool Transfer (mitre_attack)
- Android (platform)
- Linksys (platform)
- Cisco (company)
- SocksEscort (company)