THE AryStinger botnet has targeted and hijacked over 4,300 D-Link routers and NAS devices, primarily the D-Link DIR-850L and DIR-818LW models, which are now unsupported and vulnerable due to long-disclosed exploits. This botnet turns compromised devices into "Executors" that facilitate large-scale reconnaissance operations, allowing attackers to scan networks and tamper with DNS settings.
Users of infected devices might notice subtle signs like slower connection speeds or unexpected traffic spikes, leading to serious risks concerning privacy and potential liability. To mitigate these risks, it is recommended that affected users apply firmware updates, change default passwords, disable remote management, and eventually replace such end-of-life devices.