The FBI has raised alarms regarding the security weaknesses of many older routers, particularly in relation to the AVrecon malware. Once these routers are infiltrated, hackers install malware and subsequently sell access to these compromised devices via the SocksEscort residential proxy service, a process that has been successfully executed over 369,000 times, according to the agency.
The statement from the FBI mentions, “The FBI and its partners have observed several indicators that suggest the use of SocksEscort for various malicious activities including ad fraud, website exploit attempts, password spraying, and multiple other forms of fraudulent actions.”
In its ongoing battle against SocksEscort, the FBI has noted that specific router models are more susceptible to malware attacks due to their lack of regular security updates, which hackers exploit. The FBI highlights older models from D-Link (DIR-818LW, 850L, 860L), Netgear (DGN2200v4, AC1900 R700), TP-Link (Archer C20, TL-WR840N, TL-WR849N, WR841N), and Zyxel (EMG6726-B10A, VMG1312-B10D, VMG1312-T20B, VMG3925-B10A, VMG3925-B10C, VMG4825-B10A, VMG4927-B50A, VMG8825-T50K).
Identifying AVrecon Malware Infections in Your Router
Detecting an AVrecon malware infection in your router can be challenging, but the FBI has provided some tips for maintaining vigilance and security. A critical step is to verify whether you own one of the commonly targeted older routers or another outdated variant lacking routine updates. If so, the recommended action is to replace it with a newer model that still receives security updates. Additionally, keep your system, software, and firmware updated, which may occasionally need manual intervention. Enabling enhanced privacy and security settings is also advisable. Once a router is infected, removing the malware can be particularly difficult.
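The first check above, whether a device you own is on the list, can be run against an asset inventory. The script below is an added example, not code from the FBI or from this page; it assumes the inventory is available as (vendor, model) pairs, that "dir" and "tl" series prefixes may be omitted as they are in the list above, and it uses a constructed sample inventory.

```python
import re

# Router models the page attributes to the FBI notice, by vendor (spelled as on the page).
FLAGGED = {
    "dlink": ["DIR-818LW", "850L", "860L"],
    "netgear": ["DGN2200v4", "AC1900 R700"],
    "tplink": ["Archer C20", "TL-WR840N", "TL-WR849N", "WR841N"],
    "zyxel": ["EMG6726-B10A", "VMG1312-B10D", "VMG1312-T20B", "VMG3925-B10A",
              "VMG3925-B10C", "VMG4825-B10A", "VMG4927-B50A", "VMG8825-T50K"],
}
# Assumption: the page drops series prefixes on some names ("850L", "WR841N"),
# so "dir" and "tl" tokens are ignored on both sides of the comparison.
SERIES_PREFIXES = {"dir", "tl"}

def tokens(model):
    """Lower-case, split a glued hardware revision ("2200v4"), drop series prefixes."""
    spaced = re.sub(r"(?<=\d)(?=v\d)", " ", model.lower())
    return set(re.findall(r"[a-z0-9]+", spaced)) - SERIES_PREFIXES

def flagged_name(vendor, model):
    """Return the listed name that this device matches, or None."""
    key = re.sub(r"[^a-z0-9]", "", vendor.lower())
    have = tokens(model)
    for name in FLAGGED.get(key, []):
        if tokens(name) <= have:  # every token of the listed name is present
            return name
    return None

def audit(inventory):
    """inventory: iterable of (vendor, model) pairs -> list of (vendor, model, listed name)."""
    return [(v, m, hit) for v, m in inventory if (hit := flagged_name(v, m))]

# Constructed sample inventory (not from the page).
SAMPLE = [
    ("TP-Link", "TL-WR841N v14"),
    ("D-Link", "DIR-850L rev B1"),
    ("Netgear", "DGN2200 v4"),
    ("Netgear", "DGN2200v3"),
    ("TP-Link", "Archer C200"),
    ("Zyxel", "VMG3925-B10C"),
]

if __name__ == "__main__":
    for vendor, model, hit in audit(SAMPLE):
        print(f"{vendor} {model}: matches listed model {hit}")
```

Matching on whole tokens keeps near-miss names such as "Archer C200" or a different hardware revision from being reported as listed devices.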
If you suspect your router is compromised, utilize a network monitoring tool capable of analyzing network traffic to uncover any unusual activities. Signs of infection include unexpected behaviors. The FBI cautions that while rebooting the router may disrupt some infections, it does not safeguard against future attacks. Performing a factory reset to implement the latest firmware can further limit the risk of infection; however, it is crucial to note that some variants of AVrecon may already impede this option, and it will not necessarily assist in identifying the vulnerabilities that hackers could exploit in the future. The FBI has also recently highlighted the issue of criminals leveraging residential proxies to use your IP address for illicit online activities.

