Home » Technology » Asus warns of dangerous malware targeting many router models

Asus warns of dangerous malware targeting many router models

rootkit malware

Asus has issued a security advisory for some of the company’s routers. The firmware is vulnerable to the Russia-related Cyclops Blink malware, so a backup measure is urgently needed. That reports that Bleeping Computer Online Magazine “Cyclops Blink” is malware associated with the Russian-backed hacking group Sandworm and has historically targeted WatchGuard Firebox and other SOHO network devices. The manufacturer Asus has now confirmed that its routers are also being attacked.

The malware can enable remote access to compromised networks. One problem with this is that Cyclops Blink is modular and can be quickly adapted to other systems. Infographic Often heard – never used: protective measures on the internet Asus, therefore, has one Compromise Warning and published a security advisory with workarounds for the increased security risk.

Cyclops Blink now targets Asus routers

Trend Micro security researchers examined the malware and found that the malware has a special module that targets various Asus routers. Among other things, the malware can read flash memory to collect information about important files, executable programs, data, and libraries. The malware is instructed to reside in the flash memory and remains there permanently as this memory space is not wiped even with factory resets.

Vulnerable Asus Devices

In a security advisory released today, Asus warns that the following router models and firmware versions are vulnerable to Cyclops Blink attacks:

  • GT-AC5300 firmware on 3.0.0.4.386.xxxx
  • GT-AC2900 firmware on 3.0.0.4.386.xxxx
  • RT-AC5300 firmware on 3.0.0.4.386.xxxx
  • RT-AC88U firmware on 3.0.0.4.386.xxxx
  • RT-AC3100 firmware on 3.0.0.4.386.xxxx
  • RT-AC86U firmware on 3.0.0.4.386.xxxx
  • RT-AC68U, AC68R, AC68W, AC68P firmware below 3.0.0.4.386.xxxx
  • RT-AC66U_B1 firmware at 3.0.0.4.386.xxxx
  • RT-AC3200 firmware on 3.0.0.4.386.xxxx
  • RT-AC2900 firmware on 3.0.0.4.386.xxxx
  • RT-AC1900P, RT-AC1900P firmware below 3.0.0.4.386.xxxx
  • RT-AC87U (EOL)
  • RT-AC66U (EOL)
  • RT-AC56U (EOL)

At this point, Asus has not released any new firmware updates to protect against Cyclops Blink but has recommended the following fixes that can be used to protect the devices. ASUS writes:

  • Factory reset the device: Log in to the web GUI, go to Administration → Reset/Save/Upload Settings, click “Initialize All Settings and Clear All Data Logs” and then click the Restore button.
  • Update to the latest available firmware.
  • Make sure the default administrator password has been changed to a more secure one.
  • Disable remote management (disabled by default, can only be enabled through advanced settings).
  • If you are using any of the three models marked EOL (End of Life), please note that they are no longer supported and therefore will not receive a firmware security update. In this case, you are advised to replace your device with a new one.