A newly discovered malware botnet dubbed AryStinger has hijacked over 4,000 legacy D-Link routers, converting them into a distributed network of "executors." These compromised devices are used to perform malicious activities including parallel scanning, proxying, and tunneling, allowing attackers to efficiently footprint targets while obfuscating their origin. The malware also possesses capabilities to tamper with DNS settings and monitor network traffic.
Technically, AryStinger exists in two variants: a C-based version targeting end-of-life routers and a more advanced Go-based version targeting NAS systems. The NAS variant integrates open-source penetration testing tools for internal network reconnaissance and supports execution of source code in multiple languages. Security experts recommend replacing end-of-life hardware immediately, as these vulnerabilities are actively being exploited to build resilient attack infrastructures.
Top comments (0)