Malware damaging ASUS routers?

[imardevries]

Indeed what I started thinking, so I did a reset just now and managed to gain access via the web GUI; after uploading old backup settings it now seems to work just fine, WiFi and all. I immediately shut down AiCloud. Interestingly, I saw I already had the router running on the latest firmware (https://www.snbforums.com/threads/asus-rt-ax82u-firmware-version-3-0-0-4-388_25017-2024-11-18.92963/), so perhaps that saved it from disaster after acess was gained via AiCloud...?

 

[iFrogMac]

Indeed what I started thinking, so I did a reset just now and managed to gain access via the web GUI; after uploading old backup settings it now seems to work just fine, WiFi and all. I immediately shut down AiCloud. Interestingly, I saw I already had the router running on the latest firmware (https://www.snbforums.com/threads/asus-rt-ax82u-firmware-version-3-0-0-4-388_25017-2024-11-18.92963/), so perhaps that saved it from disaster after acess was gained via AiCloud...?

possible your issue wasn't related to malware, if you had already patched the router, and it just needed a factory reset.

 

[imardevries]

I am very much puzzled because I *was* locked out of my router with the identified malware-related message saying more than 10 wrong username/password attempts had been registered, while I had not tried to do anything of the sorts. Also, having shut down AiCloud it still pops up as a service the router seems to be running when checking via Shodan (albeit with a 401 Unauthorized status, mentioning lighttpd/1.4.39 as the server) -- or is this a mislabeled flag that actually says Web Access from WAN is active (due to the Asus Router app)?