AryStinger Malware Infects 4,300 Legacy Routers to Build Reconnaissance Proxy Network

A new malware family named AryStinger has infected at least 4,300 legacy routers, transforming them into a distributed reconnaissance and proxy network, according to QiAnXin's XLab. This malware targets the pre-attack reconnaissance phase, a departure from typical router infections that often lead to DDoS botnets. The number of infected devices is reportedly still increasing. AryStinger exploits vulnerabilities in older router models that are often overlooked by users and security professionals. The malware's primary function is to gather intelligence about target networks before a more significant intrusion is attempted. This allows attackers to map out network infrastructure, identify potential entry points, and collect sensitive information without immediately triggering alarms. The use of compromised routers as a proxy network also helps attackers anonymize their activities, making it more difficult to trace their origins. QiAnXin's XLab has been monitoring the spread of AryStinger and has published details on its operational methods and the types of routers most commonly affected. The research highlights the persistent threat posed by unsecured or outdated network devices in homes and small businesses, emphasizing the need for regular firmware updates and enhanced security practices for all connected hardware.