Security researchers have revealed that more than 50,000 Asus routers were compromised in a cyber-operation dubbed Operation Wrthug. These routers were infected with malware that allowed attackers to take control and potentially spy on or manipulate the traffic of users.
The attackers exploited a vulnerability in the routers’ firmware, giving them remote access. Once inside, they installed malware that communicated with a command-and-control (C2) server. The compromised devices could then be used for a variety of malicious tasks, such as redirecting web traffic, intercepting data, or even launching further attacks.
Researchers believe the operation has been ongoing for years, quietly building a large botnet population. The infected routers are mostly located in the U.S., Europe, and parts of Asia, but the exact distribution remains unclear.
The malware used in Operation Wrthug is designed to stay persistent: it can survive reboots and continues to check in with its C2 servers. It’s also modular, meaning the attackers can update or extend its capabilities over time.
Experts warn that users of affected routers may be at serious risk: their network traffic could be manipulated, and sensitive data may be exposed. There is also the danger of these infected routers being used as part of distributed denial-of-service (DDoS) attacks or other large-scale cyber campaigns.