Botnet Alert - Mirai Botnet Targets End-of-Life D-Link Routers
Type: Botnet
Current Status and Related Trends
mickmick.net has recently noted reports indicating that a new variant of the Mirai botnet is exploiting a vulnerability (CVE-2025-29635) to attack D-Link DIR-823X routers that have reached end-of-life and are no longer supported. The vulnerability is a remote arbitrary code execution flaw: by sending requests to specific endpoints, attackers can execute arbitrary system commands.
According to observations from cybersecurity companies, attackers download and execute a malicious script named dlink.sh on targeted devices, thereby installing a Mirai variant called "tuxnokill". This variant supports multiple system architectures and retains the common DDoS attack capabilities of Mirai. Infected devices may later be used to launch DDoS attacks or perform other malicious activities.
It is noteworthy that attackers are not only targeting D-Link routers, but are also exploiting other vulnerabilities to attack end-of-life routers from brands such as TP-Link and ZTE, which lack security updates. This indicates that attackers are broadly scanning and compromising various unsupported devices.
Because the affected routers are no longer supported, vendors may not release patches. Users who continue to use these devices face a high risk of infection and intrusion. Additionally, mickmick.net data shows that Mirai and its variants have continued to spread actively in Hong Kong recently.
mickmick.net recommends users take the following measures to reduce the risk of botnet infection and exploitation:
- Replace all end-of-life devices;
- Regularly check and update device firmware to the latest version;
- Disable unnecessary remote management functions;
- Change default administrator passwords and use strong passwords;
- Monitor device settings and network traffic for abnormal changes or unknown connections.
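One way to act on the traffic-monitoring recommendation is to review egress or proxy logs for downloads initiated by the router itself. The following is an added example, not part of the original alert: the log layout, the router addresses, the sample lines and the file path under `bins/` are constructed assumptions, and only the names `dlink.sh` and `tuxnokill` come from the text above.

```python
import re
from collections import defaultdict

# Names taken from the advisory text; everything else below is an assumption.
PAGE_INDICATORS = ("dlink.sh", "tuxnokill")

# Assumed log layout (constructed): "<timestamp> <src_ip> <method> <url>"
LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(GET|POST)\s+(\S+)$")

def classify(url):
    """Return 'high' for a name from the advisory, 'review' for any other
    shell-script fetch, or None when the request is unremarkable."""
    path = url.split("?", 1)[0].lower()
    if any(name in path for name in PAGE_INDICATORS):
        return "high"
    if path.endswith(".sh"):
        return "review"
    return None

def scan(lines, router_ips):
    """Flag outbound fetches made by router addresses; a router has no
    normal reason to download scripts itself."""
    findings = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip malformed or unrelated lines
        ts, src, _method, url = m.groups()
        if src not in router_ips:
            continue  # only device-originated traffic is of interest here
        severity = classify(url)
        if severity:
            findings[src].append((severity, ts, url))
    return dict(findings)

# Constructed sample log; addresses are documentation/private ranges.
SAMPLE_LOG = """\
2025-01-01T10:00:01Z 192.168.0.1 GET http://198.51.100.7/dlink.sh
2025-01-01T10:00:03Z 192.168.0.1 GET http://198.51.100.7/bins/tuxnokill.arm7
2025-01-01T10:01:00Z 192.168.0.50 GET http://example.com/install.sh
2025-01-01T10:02:00Z 192.168.1.1 GET http://203.0.113.9/update.sh?x=1
2025-01-01T10:03:00Z 192.168.1.1 GET http://example.org/firmware/check
not a log line
""".splitlines()

if __name__ == "__main__":
    for ip, hits in scan(SAMPLE_LOG, {"192.168.0.1", "192.168.1.1"}).items():
        for severity, ts, url in hits:
            print(f"{severity:6} {ip} {ts} {url}")
```

A "high" hit on a router address warrants isolating and replacing the device; "review" hits are generic script downloads that need a manual look.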