Security researchers at QiAnXin XLab have uncovered AryStinger malware infecting over 4,300 outdated routers worldwide, particularly targeting RTL819X series devices. The malware exploits vulnerabilities such as CVE-2013-3307 and CVE-2016-5681 to build a large botnet used for intrusion reconnaissance. The infections, concentrated in South Korea and China, pose potential threats to privacy and national security.
The infection process involves multiple stages, including establishing persistent management channels and collecting device information to send back to command servers. To counteract these threats, network administrators are advised to monitor for signs of infection and replace legacy hardware.