Cyclops Blink malware launches persistent attacks on several popular ASUS routers
ASUS says that the affected products include the GT-AC5300, GT-AC2900, RT-AC5300, RT-AC88U, RT-AC3100, RT-AC86U, RT-AC68U, AC68R, AC68W, AC68P, RT-AC66U_B1, RT-AC3200, RT-AC2900, RT-AC1900P, RT-AC1900P, RT-AC87U, RT-AC66U, and RT-AC56U router models. The last three have reached End-of-Life (EOL) status.
To help owners of these routers take necessary precautions, we compiled a security checklist:
(1) Reset the device to factory default: Login into the web GUI(http://router.asus.com) , go to Administration → Restore/Save/Upload Setting, click the “Initialize all the setting and clear all the data log”, and then click Restore button”
(2) Update all devices to the latest firmware.
(3) Ensure default admin password had been changed to a more secure one.
(4) Disable Remote Management (disabled by default, can only be enabled via Advanced Settings).
Security firm Trend Micro first discovered the attack on Asus routers by Cyclops Blink malware allegedly linked to Russia. Cyclops Blink malware exploited numerous routers and other IoT devices, but the hackers aren’t aiming to mine cryptocurrency. Analysis shows that the malware used by the botnet is very complex, and the ultimate goal of the attackers behind it may be to steal information, including all kinds of confidential information.