FBI Warns of Attacks on Old Internet Routers, Explains How to Prevent Them

The FBI recommended that people replace older routers with an updated model or take other actions.
Jack Phillips

The FBI on Wednesday warned that American internet users and smaller businesses should be wary of entities taking advantage of older internet routers that could be “susceptible to vulnerabilities,” namely from a malware known as “TheMoon.”

“When a hardware device is end-of-life, the manufacturer no longer sells the product and is not actively supporting the hardware, which also means they are no longer releasing software updates or security patches for the device,” the agency said.

“Routers dating from 2010 or earlier likely no longer receive software updates issued by the manufacturer and could be compromised by cyber actors exploiting known vulnerabilities.”

The bureau noted that some older routers were breached by hackers using TheMoon malware and that recently some end-of-life routers “were identified as compromised by a new variant of TheMoon malware,” allowing the “cyber actors to install proxies on unsuspecting victim routers and conduct cyber crimes anonymously.”

Private cybersecurity organizations have been detailing the threat posed by TheMoon for years. According to a statement by Broadcom, the malware has recently been targeting “insecure outdated home routers, particularly those manufactured by Asus” as well as Internet of Things devices such as smartwatches, smart TVs, industrial equipment, and others.

“After compromising these devices, the malware utilizes them to route traffic through a proxy service known as Faceless,” added Broadcom, which owns subsidiaries that produce the Norton, Avast, AVG, and Avira anti-virus programs. “It actively seeks out specific shell environments to execute its primary malicious payload and establishes connections with the threat actors’ command and control server to receive further instructions.”

The FBI recommended that users replace older routers with an updated model, apply a security patch if one is available for the device, disable remote management or remote administration on the router, and use strong passwords of more than 16 characters.

“Commonly identified signs of malware infections on routers include overheating devices, problems with connectivity, and changes to settings the administrator does not recognize,” the FBI said.

Telecommunications company Lumen Technologies identified a multi-year-long campaign to target older routers and internet-connected devices using an updated version of TheMoon malware to prop up a cybercriminal group also known as “Faceless.”

“Lumen has stopped all traffic to and from the infrastructures associated with TheMoon and Faceless across its global network,” the company said in a statement last year. “Small office routers continue to be a key target for cybercriminals. In less than two years, Black Lotus Labs has discovered six large malware campaigns using compromised [small office/home office] routers.”

FBI Director Kash Patel testified this week before Congress and said the FBI seeks about $11.1 billion to fund its law enforcement activities, $1 billion more than the White House proposed.

“We have not looked at who to cut,” Patel said, referring to possible staff terminations. “We are focusing our energies on how not to have them cut.”

Reuters contributed to this report.
Jack Phillips is a breaking news reporter who covers a range of topics, including politics, U.S., and health news. A father of two, Jack grew up in California's Central Valley. Follow him on X: https://twitter.com/jackphillips5