Critical Vulnerability in Asus Routers: Hidden Backdoor Discovered

Cybersecurity specialists from GreyNoise have revealed a widespread problem in Asus routers. Thousands of home and office devices have been infected with an invisible backdoor that persists even after reboots and firmware updates.

Attack Mechanism

Cybercriminals exploit previously unknown vulnerabilities to gain administrative access to routers. After infiltration, they install a public encryption key, allowing them to subsequently connect to the device with administrator privileges without obstruction.

The distinctive feature of this backdoor lies in its persistence - it remains active even after standard system recovery procedures. This indicates a high level of preparation by the attackers, possibly connected to state structures.

Scale of the Problem

According to researchers, approximately 9,000 devices worldwide have already been infected, and this number continues to grow. Interestingly, there are no signs of active use of these devices in cyberattacks yet - possibly the criminals are accumulating resources for future operations.

How to Detect Infection

Asus router owners can check their devices in the following ways:

• Check SSH settings in the administration panel
• Pay attention to SSH connections through port 53282
• Check logs for suspicious IP addresses: 101.99.91.151, 101.99.94.173, 79.141.163.179, 111.90.146.237
• Find in the system a key of the form "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAo41nBoVFfj4HlVMGV+YPsxMDrMlbdDZ"

Protection Recommendations

To protect against such threats, specialists recommend:

• Regularly update router firmware
• Use complex passwords for administrative access
• Disable unnecessary network services
• Monitor device network activity

Official information from Asus is available on the company's official website.

If you have any problems, write to us, we will help quickly and efficiently!