
The Federal Bureau of Investigation (FBI) has issued a Public Service Announcement highlighting a growing threat in the cyber landscape: criminal proxy services exploiting outdated routers. According to the IC3 alert I-050725-PSA, attackers are hijacking end-of-life (EOL) routers with known vulnerabilities and turning them into anonymous proxies for illicit activity.
“Routers dated 2010 or earlier likely no longer receive software updates issued by the manufacturer and could be compromised by cyber actors exploiting known vulnerabilities,” FBI warns.
At the center of this malicious activity is TheMoon malware, a well-documented botnet first discovered in 2014. The alert warns that cybercriminals are deploying new variants of this malware on unpatched, remotely accessible routers:
“End of life routers were breached by cyber actors using variants of TheMoon malware botnet… allowing cyber actors to install proxies on unsuspecting victim routers and conduct cyber crimes anonymously,” FBI notes.
As the FBI describes it, TheMoon does not need a password: it scans for open ports and sends a command to a vulnerable script on the router. The infected device then contacts a command-and-control (C2) server, which can instruct it to scan for other vulnerable routers, so each victim expands the infection footprint across the internet.
Once compromised, these routers are weaponized to serve as proxy servers, effectively hiding the origin of cybercriminals behind the IP addresses of unsuspecting users and businesses:
“When actors use a proxy service to visit a website to conduct criminal activity… the website does not register their real IP address and instead registers the proxy IP.”
This anonymity lets criminals carry out cryptocurrency theft, fraud, and other illegal activity, and sell access to the hijacked routers as a proxy service, without the traffic being easily traced back to them.
According to the FBI, symptoms of a compromised router may include:
- Overheating
- Unexpected changes in settings
- Intermittent connectivity issues
To defend against this threat, the FBI recommends immediate action:
- Replace end-of-life routers with models still supported by the manufacturer.
- Apply all available firmware and security updates.
- Disable remote (WAN-side) administration in the router's settings so the management interface is reachable only from inside the network.
- Use strong, unique passwords of 16–64 characters, and do not reuse them across devices or accounts.
- Reboot your router regularly: a restart clears malware that runs only in memory, which is why the FBI lists it, but an unpatched, internet-exposed device can simply be reinfected, so rebooting complements the steps above rather than replacing them.
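A quick way to verify the "disable remote administration" and password steps is to probe the router's management ports and sanity-check the new credential length. The script below is an added example written for this article, not FBI tooling or code from the alert. It assumes an illustrative port list (adjust it to your device), uses the documentation address 192.0.2.1 as a placeholder target, and only performs plain TCP connects, no exploitation. Run it against the router's public (WAN) address from a host outside your network; from inside the LAN the admin interface is normally reachable by design, so an open port there is not a finding.

```python
"""Router exposure audit: hypothetical example, not from the FBI alert."""
import socket
import sys
from typing import Dict, Iterable, List

# Management services commonly found on consumer routers. Illustrative
# assumption only; extend it for the model you are checking.
DEFAULT_MGMT_PORTS: Dict[int, str] = {
    22: "ssh",
    23: "telnet",
    80: "http admin",
    443: "https admin",
    7547: "TR-069 (CWMP)",
    8080: "alt http admin",
    8443: "alt https admin",
}


def probe_ports(host: str, ports: Iterable[int], timeout: float = 1.0) -> Dict[int, bool]:
    """Return {port: reachable} using a plain TCP connect per port.

    A refused or timed-out connection counts as not reachable. Nothing is
    sent on the socket, so this is safe to run against your own equipment.
    """
    results: Dict[int, bool] = {}
    for port in ports:
        try:
            with socket.create_connection((host, port), timeout=timeout):
                results[port] = True
        except OSError:
            results[port] = False
    return results


def password_ok(password: str, known_reused: Iterable[str] = ()) -> bool:
    """Apply the FBI guidance from the alert: 16 to 64 characters and unique.

    `known_reused` is any list of passwords already used elsewhere; a match
    means the candidate is not unique and is rejected.
    """
    return 16 <= len(password) <= 64 and password not in set(known_reused)


def audit(host: str, ports: Dict[int, str] = DEFAULT_MGMT_PORTS,
          timeout: float = 1.0) -> List[str]:
    """Return one finding per management port that accepts connections."""
    findings: List[str] = []
    for port, reachable in probe_ports(host, ports, timeout).items():
        if reachable:
            findings.append(
                f"{host}:{port} ({ports[port]}) accepts connections; if this is "
                "the WAN address, remote administration is exposed"
            )
    return findings


if __name__ == "__main__":
    # Placeholder target from the documentation range; pass the real WAN IP.
    target = sys.argv[1] if len(sys.argv) > 1 else "192.0.2.1"
    for line in audit(target) or [f"no management ports reachable on {target}"]:
        print(line)
```

Usage: `python3 router_audit.py <your-WAN-IP>` from a machine on a different network (a phone hotspot works). Any port reported as accepting connections on the WAN side means the remote-administration setting did not take effect, or another service (TR-069 on 7547 is a common one) is still listening and should be disabled or blocked.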