AryStinger is a previously undocumented botnet that has compromised more than 4,000 outdated routers, turning them into proxies for malicious traffic and distributed scanning. It targets older D-Link routers and some NAS systems, with infections concentrated in South Korea and China, while researchers have not yet linked it to a known threat actor. #AryStinger #DLinkDIR850L #DLinkDIR818LW #AVrecon #XLab
Keypoints
- AryStinger has infected more than 4,000 outdated routers.
- The botnet turns devices into remotely controlled executors for scanning and proxying.
- It can also tamper with DNS settings and monitor network traffic.
- The malware exploits older flaws in D-Link DIR-850L and DIR-818LW routers.
- XLab found both C-based router malware and a more advanced Go-based NAS variant.