Posted 3/26/2024, 3:00:00 PM
New 'TheMoon' Botnet Rapidly Infects Thousands of ASUS Routers to Power Shady 'Faceless' Proxy Service
- New "TheMoon" botnet infects 6,000 ASUS routers in under 72 hours to use them as proxies for the "Faceless" service.
- Faceless is a proxy service used by cybercriminals to hide malicious activity; pays only in crypto.
- TheMoon exploits vulnerabilities and brute forces passwords to breach routers, checks for compatible shells.
- Infections last over 50 days for 1/3 of devices, while 15% are lost in under 48 hours.
- Defenses include strong passwords, updated firmware, replacing end-of-life models.