Thousands of D-Link routers under control of AryStinger botnet
ID: 57e29f8a-b47f-5801-a052-8f14cd78b782
STIX ID: report--57e29f8a-b47f-5801-a052-8f14cd78b782
Feed Name: Malwarebytes Blog
AryStinger is an active botnet composed of compromised end-of-life D‑Link DIR‑850L and DIR‑818LW routers (and some NAS devices) that uses 13‑year‑old vulnerabilities to turn devices into remotely controlled “Executors” for distributed scanning, proxying, DNS tampering, and command execution; researchers observed at least 4,300 infections. The report highlights privacy and abuse risks, detection signs (slow connectivity, DNS redirects, outbound spikes), and remediation steps including replacing EOL devices, applying the latest firmware, changing admin passwords, and disabling remote management.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
