Hackers weaponize 4,000 routers as global attack proxies

Last week’s malware landscape showed a striking blend of scale and sophistication: more than four thousand legacy routers were silently repurposed into global attack proxies, while fresh campaigns exploited everyday tools like WhatsApp and official plugin repositories.

A botnet built on forgotten hardware

Thousands of aging routers—often overlooked and unpatched—have been commandeered by the AryStinger malware family. Once infected, the devices are folded into a sprawling proxy network that attackers can rent or weaponize for traffic redirection, credential harvesting, or brute-force campaigns. The operation highlights how long-forgotten hardware can become an insidious asset in modern cybercrime.

Social channels as attack vectors

In parallel, a VBScript-based campaign spread through WhatsApp messages, quietly installing remote monitoring and management software on victim devices. The payload arrives disguised as routine updates or support files, turning personal chats into covert delivery channels. Researchers warn that the technique lowers barriers to entry, letting less sophisticated actors launch targeted intrusions with minimal effort.

Supply chains under the microscope

Legitimate plugin ecosystems continue to attract adversaries. A recent compromise of ShapedPlugin and other WordPress add-ons shows how poisoned updates can backdoor entire websites without raising immediate suspicion. The incident underscores the difficulty of securing third-party code and the cascading risk when a single compromised component spreads across thousands of installations.

While law-enforcement takedowns like Operation Endgame have disrupted major malware families, the rapid evolution of loaders, ransomware variants, and backdoors suggests the arms race is far from over. Security teams are advised to audit router firmware, scrutinize plugin sources, and treat social messages as potential attack vectors until proven otherwise.

Source: Security Affairs. AI-assisted editorial synthesis — TechnoExpress.

