The FBI has issued a warning to U.S. citizens about potential cyberattacks that could be carried out using outdated internet routers.
According to Newsweek, the agency warned that outdated routers — those no longer receiving updates from manufacturers — could be vulnerable to cyber threats. Criminals may exploit these weaknesses to install malware on private devices.
Malware poses a serious threat: it is designed to infiltrate systems, cause disruption, and gain unauthorized access, often to steal money or sensitive information from users.
On Wednesday, the FBI said in a statement that out-of-date routers could give hackers a way to install malware called TheMoon on computers and phones.
“When a hardware device is end of life, the manufacturer no longer sells the product and is not actively supporting the hardware, which also means they are no longer releasing software updates or security patches for the device,” the FBI statement said. “Routers dated 2010 or earlier likely no longer receive software updates issued by the manufacturer and could be compromised by cyber actors exploiting known vulnerabilities.”
The statement added that out-of-date routers have already been identified as having the malware present.
“End of life routers were breached by cyber actors using variants of TheMoon malware botnet. Recently, some routers at end of life, with remote administration turned on, were identified as compromised by a new variant of TheMoon malware. This malware allows cyber actors to install proxies on unsuspecting victim routers and conduct cyber-crimes anonymously.”
The FBI has been tracking TheMoon malware since its discovery on a compromised router in 2014. Unlike other threats, it doesn’t need a password to infiltrate routers. Instead, it exploits open ports and issues commands to vulnerable scripts, making it particularly dangerous.
The malware communicates with a command and control (C2) server, which then issues instructions. These may include directing the infected device to search for additional vulnerable routers, allowing the infection to spread and the network to grow.
“If the router is at end of life, replace the device with an updated model if possible. Immediately apply any available security patches and/or firmware updates for your devices,” the FBI said. “Login online to the router settings and disable remote management/remote administration, save the change, and reboot the router. Use strong passwords that are unique and random and contain at least 16 but no more than 64 characters. Avoid reusing passwords and disable password hints.”
“If you believe there is suspicious activity on any device, apply any necessary security and firmware updates, change your password, and reboot the router.”