MikroTik Mayhem: 13,000 Hijacked Routers Unleash Malware Madness!

A botnet of 13,000 hijacked MikroTik routers is spreading malware through spam, exploiting misconfigured DNS (SPF) records that let anyone send mail as the affected domains. It cleverly uses SOCKS proxies to disguise malicious activities, making it a top-tier magician in the world of cybercrime. Owners should update their routers and change default credentials to avoid becoming part of this digital circus.


Hot Take:

In a chilling twist on “hijacking,” some 13,000 MikroTik routers are now moonlighting as unwitting malware delivery boys. Move over, pizza drones; it’s the age of the botnet delivery service—bringing chaos right to your inbox. And to think, your router just wanted to “connect” people!

Key Points:

  • 13,000 MikroTik routers have been commandeered into a botnet for malware distribution.
  • The botnet leverages misconfigured SPF records (the DNS TXT record that lists which hosts may send mail for a domain) to sneak past email protections.
  • A malspam campaign uses freight invoice lures to distribute an obfuscated JavaScript payload.
  • Compromised routers are used as SOCKS proxies, hiding the origin of malicious traffic.
  • Around 20,000 domains are spoofable because their SPF records are permissive: a record ending in "+all" tells receiving mail servers that any host on the internet, hijacked router included, may send mail for the domain.
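The SPF mechanism behind the spoofing is easy to see in code. The following is an added example, not code from the original post: a simplified SPF evaluator in the spirit of RFC 7208 that checks a connecting IP against a domain's SPF record, plus an audit function that flags records a spammer could abuse. The domains and TXT records in FAKE_TXT are constructed (RFC 5737 / RFC 6761 reserved names and addresses) so it runs offline; only ip4/ip6, include, redirect and all are implemented, and the router IP is a stand-in, not an indicator from the campaign.

```python
"""Simplified SPF evaluator (added example, not from the original post).

Shows why a permissive SPF record lets a hijacked router spoof a domain:
the receiving MTA checks the connecting IP against the domain's SPF record,
and a record ending in "+all" (or "?all") accepts every IP.

DNS lookups are replaced by the constructed FAKE_TXT table below so the
example runs offline. Only ip4, ip6, include, redirect and all are
implemented; a/mx/exists/ptr need live DNS and are treated as "no match"
here (a real evaluator resolves them, see RFC 7208 section 5).
"""
import ipaddress

# Constructed sample zone data: domain -> SPF TXT record. Not real domains.
FAKE_TXT = {
    "strict.example":        "v=spf1 ip4:203.0.113.0/24 include:_spf.mailhost.example -all",
    "softfail.example":      "v=spf1 ip4:203.0.113.0/24 ~all",
    "permissive.example":    "v=spf1 ip4:203.0.113.0/24 +all",
    "neutral.example":       "v=spf1 ip4:203.0.113.0/24 ?all",
    "noall.example":         "v=spf1 ip4:203.0.113.0/24",
    "_spf.mailhost.example": "v=spf1 ip4:198.51.100.0/24 -all",
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def lookup_spf(domain, txt=FAKE_TXT):
    """Stand-in for the DNS TXT lookup: returns the SPF record or None."""
    rec = txt.get(domain)
    return rec if rec and rec.lower().startswith("v=spf1") else None


def check_host(ip, domain, txt=FAKE_TXT, depth=0):
    """Return the SPF result (pass/fail/softfail/neutral/none/permerror)
    for a message from `ip` claiming `domain` as the envelope sender."""
    if depth > 10:                      # RFC 7208 section 4.6.4 lookup limit
        return "permerror"
    record = lookup_spf(domain, txt)
    if record is None:
        return "none"
    addr = ipaddress.ip_address(ip)
    for term in record.split()[1:]:     # skip the "v=spf1" version tag
        if term.lower().startswith("redirect="):
            return check_host(ip, term.split("=", 1)[1], txt, depth + 1)
        qual = "+"                      # mechanisms default to "+" (pass)
        if term[0] in QUALIFIERS:
            qual, term = term[0], term[1:]
        mech, _, arg = term.partition(":")
        mech = mech.lower()
        matched = False
        if mech == "all":
            matched = True              # "all" matches every sender
        elif mech in ("ip4", "ip6"):
            try:
                # mixed-version comparisons return False, as they should
                matched = addr in ipaddress.ip_network(arg, strict=False)
            except ValueError:
                return "permerror"
        elif mech == "include":
            # include matches only when the referenced record yields "pass"
            matched = check_host(ip, arg, txt, depth + 1) == "pass"
        # a / mx / exists / ptr: need live DNS, treated as no match here
        if matched:
            return QUALIFIERS[qual]
    return "neutral"                    # nothing matched (RFC 7208 section 4.7)


def audit_record(record):
    """Flag SPF records a spammer could abuse: anything that does not end in
    -all or ~all lets an arbitrary IP get a pass or neutral verdict."""
    last = record.split()[-1].lower()
    if last in ("+all", "all"):
        return "PERMISSIVE: any host passes SPF for this domain"
    if last == "?all":
        return "WEAK: unlisted hosts get neutral, which receivers must not reject on"
    if not last.endswith("all") and not last.startswith("redirect="):
        return "WEAK: no 'all' term, unlisted hosts get neutral"
    return "ok"


if __name__ == "__main__":
    ROUTER_IP = "192.0.2.77"   # constructed: stands in for a hijacked router
    for dom, rec in FAKE_TXT.items():
        print(f"{dom:24} {check_host(ROUTER_IP, dom):9} {audit_record(rec)}")
```

Run against the sample zone, the "router" IP gets "fail" from strict.example and "pass" from permissive.example, which is exactly the gap the campaign's spoofed mail slips through. Pointing audit_record at your own domains' real TXT records (via any DNS client) is the quick check worth doing.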

The Nimble Nerd