A significant new threat is targeting home and small office networks, specifically impacting ASUS routers. Security researchers have identified a new botnet campaign named AyySSHush actively compromising these devices.
This botnet exploits vulnerabilities to gain unauthorized access and establish a persistent SSH backdoor on affected routers. An SSH backdoor allows attackers to maintain control over the device remotely, bypassing standard security measures. It effectively grants attackers continuous access to the compromised router.
A key concern with this attack is its persistence. The malicious software is designed to survive router reboots. This means simply restarting your router will not remove the backdoor, leaving the device vulnerable to ongoing control by the botnet operators. The persistence mechanism ensures the backdoor remains active even after the router is powered off and on again.
Reports indicate that over 9,000 ASUS routers have already been compromised by the AyySSHush botnet. This highlights the scale of the attack and the potential risk to a large number of users with these devices. The rapid spread suggests the exploit is effective.
A compromised router can be used for various malicious activities without the owner’s knowledge. This includes launching further attacks, stealing bandwidth, redirecting internet traffic, or accessing other devices connected to the local network. It poses a serious security risk to the entire network. Users with potentially affected ASUS routers are strongly advised to take immediate steps to secure their devices. This includes updating router firmware to the latest version provided by ASUS, using strong, unique passwords for the router administration panel and any enabled SSH access, and disabling remote access features if they are not essential for your needs. Regularly checking for security updates from ASUS is crucial to protecting your router from this and future botnet threats.
Source: https://securityaffairs.com/178413/malware/new-ayysshush-botnet-compromised-over-9000-asus-routers-adding-a-persistent-ssh-backdoor.html
