If You Own One Of These Popular Routers, The FBI Has A Serious Warning
The Federal Bureau of Investigation (FBI) has shared concerns over older routers' vulnerabilities when it comes to AVrecon malware. After compromising routers, the hackers will install malware and then sell access to your compromised devices through the SocksEscort residential proxy service — this has been done successfully over 369,000 times, according to the FBI.
"The FBI and its partners have observed various indicators which suggest that SocksEscort has been used to conduct ad fraud, attempt website vulnerability exploitation, password spraying, digital marketplace fraud, banking fraud, romance fraud, and various other types of malicious activity," the announcement reads.
As part of the FBI's continued takedown of SocksEscort, certain routers have been found to be more vulnerable to malware attacks than others due to a lack of regular security updates (which the hackers are aware of and exploit). The FBI has listed older router models from D-Link (DIR-818LW, 850L, 860L), Netgear (DGN2200v4, AC1900 R700), TP-Link (Archer C20, TL-WR840N, TL-WR849N, WR841N), and Zyxel (EMG6726-B10A, VMG1312-B10D, VMG1312-T20B, VMG3925-B10A, VMG3925-B10C, VMG4825-B10A, VMG4927-B50A, VMG8825-T50K).
How do you know if your router has been infected with AVrecon malware?
It can be pretty tricky to identify if your router has been infected with the AVrecon malware, but the FBI has shared some ways to stay alert and safe. One very important thing you should do is check whether you have one of the commonly hacked older routers, or a similarly outdated one that isn't getting consistent updates. If you do, it's best to replace it with a model that is still receiving security updates. Keep the system, software, and firmware up to date — which sometimes has to be done manually. You can also enable more privacy or security settings. Once a router has been infected, it can be very hard to remove it.
If you suspect that your router is already hacked, you can use a network monitoring tool that reports network traffic to identify and detect anything strange — here are some signs to look for. The FBI warns that rebooting the router can disrupt some infections, but won't protect you from future ones. Factory resets to install the latest firmware can further prevent infection, but some AVrecon variants may already have disabled this, and it won't help you pinpoint vulnerabilities hackers can exploit again later. The FBI has also recently issued warnings about residential proxies, in which criminals use your IP address to commit illegal activities online.