FBI Warns: Replace Outdated Routers to Combat Cybercrime
The Federal Bureau of Investigation (FBI) has issued an urgent warning, urging Americans to immediately replace outdated internet routers. Cybercriminals are exploiting these vulnerable devices to install malware and conduct illicit activities through unsuspecting users’ home and business networks.
The Threat: “TheMoon” Malware and Proxy Servers
Federal agents are specifically targeting end-of-life routers, older models that manufacturers no longer support with crucial security updates. These routers are being infected with a variant of TheMoon malware. Once compromised, these devices are transformed into proxy servers, enabling criminals to conceal their true locations while engaging in a range of online crimes.
The infected devices are then used as proxy servers, allowing criminals to mask their real locations while committing online crimes ranging from financial theft to illegal transactions on the dark web.
FBI
How Hackers Exploit Vulnerable Routers
The FBI explained that the lack of security updates for older routers creates an easy entry point for hackers. Once inside, they install malicious software that grants them control over the device.
Once they get in, hackers install harmful software that lets them take control of the router.
FBI
These hijacked routers are then used for various nefarious purposes, including launching cyberattacks and selling access through services like 5Socks and Anyproxy. This allows other malicious actors to mask their online identities and engage in illegal activities with impunity.
The Spread of TheMoon Malware
The FBI notes that TheMoon malware has evolved significantly since its initial detection in 2014. It now actively scans for open ports on vulnerable routers and installs itself without needing a password. Once inside, the malware can spread to other systems and remain hidden, facilitating illegal activity without the user's knowledge.
Once inside, the malware can spread to other systems and remain hidden while passing on illegal activity back and forth—leaving people unaware their network has been turned into a digital accomplice.
FBI
Which Routers Are Most Vulnerable?
Routers manufactured in 2010 or earlier are notably susceptible, especially if remote administration is enabled. Many users may be unaware that their devices are outdated and lack essential firmware protections, making them easy targets.
Warning Signs of Router Infection
The FBI advises users to be vigilant for the following warning signs that may indicate a router infection:
- Overheating
- Unusual settings changes
- Spotty internet connectivity
At-Risk Router Models
The following router models are particularly vulnerable to compromise:
- E1200
- E2500
- E1000
- E4200
- E1500
- E300
- E3200
- WRT320N
- E1550
- WRT610N
- E100
- M10
- WRT310N
Recommended Actions
The FBI urges consumers and businesses to take the following steps to protect their networks:
- Replace unsupported routers with newer models.
- Disable remote access features.
- Install all security patches.
- Use strong, unique passwords.
If you suspect your router may be compromised, report the activity to the FBI’s Internet Crime Complaint Center.
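An added example, not part of the FBI notice or the original article: a short Python audit that checks a router inventory against the model list above and the two risk factors the article names (manufactured in 2010 or earlier, remote administration enabled). The CSV column names and inventory rows are constructed for illustration; model strings are matched as whole tokens so that an E3000 is not mistaken for the listed E300.

```python
import csv
import io
import re

# Model identifiers exactly as they appear in the list on this page.
AT_RISK_MODELS = {
    "E1200", "E2500", "E1000", "E4200", "E1500", "E300", "E3200",
    "WRT320N", "E1550", "WRT610N", "E100", "M10", "WRT310N",
}

# Constructed sample inventory; column names and rows are hypothetical.
SAMPLE_INVENTORY = """\
location,model,year,remote_admin
front-office,e1200 v2,2011,no
warehouse,WRT610N,2009,yes
lab,E3000,2010,no
branch-2,AX1800,2022,no
reception,wrt-310n,2008,no
"""

def model_tokens(raw):
    """Upper-case alphanumeric tokens of a free-text model string.
    Tokens are also taken with hyphens/underscores removed, so
    'wrt-310n' yields WRT310N while 'E3000' never yields E300."""
    upper = raw.upper()
    tokens = set(re.findall(r"[A-Z0-9]+", upper))
    tokens |= set(re.findall(r"[A-Z0-9]+", re.sub(r"[-_]", "", upper)))
    return tokens

def audit(inventory_csv):
    """Return [(location, [reasons])] for routers matching a risk factor."""
    findings = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        reasons = []
        listed = model_tokens(row["model"]) & AT_RISK_MODELS
        if listed:
            reasons.append("listed model " + sorted(listed)[0])
        if int(row["year"]) <= 2010:
            reasons.append("manufactured 2010 or earlier")
        if row["remote_admin"].strip().lower() == "yes":
            reasons.append("remote administration enabled")
        if reasons:
            findings.append((row["location"], reasons))
    return findings

if __name__ == "__main__":
    for location, reasons in audit(SAMPLE_INVENTORY):
        print(f"{location}: {'; '.join(reasons)}")
```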