Cybersecurity researchers have analyzed the PolarEdge botnet malware, which targets routers from Cisco, ASUS, QNAP, and Synology in order to control the infected devices. The malware communicates over TLS, employs anti-analysis techniques, and exploits known security flaws to operate and evade detection. #PolarEdge #CVE-2023-20118
Key points
- PolarEdge malware was first documented in February 2025, targeting specific routers for a yet-unknown purpose.
- The botnet communicates via TLS using mbedTLS and supports connect-back and debug modes.
- It exploits a known security vulnerability (CVE-2023-20118) to download and execute a backdoor shell script.
- The malware employs anti-analysis techniques, including process masquerading and configuration obfuscation.
- Recent findings link GhostSocks, a malware-as-a-service offering, to the conversion of infected devices into SOCKS5 proxies for monetization.
Read More: https://thehackernews.com/2025/10/polaredge-targets-cisco-asus-qnap.html