AryStinger Malware Turns Legacy Routers into Large-Scale Reconnaissance Network

Researchers have identified a new malware family called AryStinger that has infected more than 4,300 legacy routers and network devices to create a distributed reconnaissance and proxy network. Unlike traditional botnets focused on denial-of-service attacks, AryStinger is designed to scan internet-facing systems, fingerprint services, enumerate subdomains, tunnel traffic, and relay attacker activity while concealing its true origin. The malware primarily targets outdated Realtek-based routers by exploiting years-old vulnerabilities in Linksys and D-Link devices, with a second variant also targeting QNAP NAS systems through a previously patched flaw. Researchers warn that the campaign highlights the ongoing security risks posed by end-of-life network hardware, which can be repurposed into stealthy infrastructure supporting future cyber intrusions.

Reference: thehackernews.com