Malware damaging ASUS routers?

[CrashXRu]

If your router is not working, write to telegram @CrashXRu, I will restore the devices if possible

 

[soccerjoshj07]

If your router is not working, write to telegram @CrashXRu, I will restore the devices if possible

Someone else was able to help here - thank you @ColinTaylor

Super appreciate everyone’s willingness to help here.

 

[Mitt]

Yep SNB is a GREAT community.

But Asus has really harmed my trust in their product after a router malware attack.

 

[iFrogMac]

Yep SNB is a GREAT community.

But Asus has really harmed my trust in their product after a router malware attack.

The impression I gather from watching this situation unfold is it's a combination of user error ( people using features that can potentially attract attacks) and also fixes needing to be applied to the software. I saw more people suffer loss from these attacks who used the sharing functions over those who didn't. With that said I think a few people still got hit who didn't use AICloud, but most who did get hit, had it enabled, as well as WAN access If I remember correctly.

 

[Tech9]

it's a combination of user error

How come using available firmware feature is a user error??

 

[iFrogMac]

How come using available firmware feature is a user error??

I said what I did because, even though the features exist, it's always been a recommendation not to use the router for sharing, but a device behind the router. So maybe it's not user error, but it's not best security practices either. I could apply the same argument to myself while I had UPNP enabled for the software I was using. However, after re-evaluating my use case and deciding I didn't need to keep the software around, I disabled UPNP. Same with AICloud functions built into the router. It's there for convenience, but the better solution would be to use a device to share data behind the router. It also depends on the use case too as far as why and how sharing was being used. You and quite a few others have also made the same observations / recommendations I mentioned here about using a device behind the router for sharing vs the router itself.

 

[Tech9]

it's always been a recommendation not to use the router for sharing

There is no such recommendation in the User Manual nor advice to check public forums before using the device.

 

[Kingp1n]

There is no such recommendation in the User Manual nor advice to check public forums before using the device.

I think not using the router for sharing recommendations are more in general terms and not specific to any brand hence maybe not user-error but more of not knowing in using the router for sharing.

 

[Tech9]

Consumer users are not expected to have any prior networking or security knowledge.

 

[Kingp1n]

Consumer users are not expected to have any prior networking or security knowledge.

They will now haha

 

[Tech9]

Now they will know, but still not user error.

 

[iFrogMac]

Well user-error and user-ignorance can go hand and hand because they make mistakes by not knowing the right way of doing things.

 

[Tech9]

Your general talk about "sharing" practices is actually unrelated to AiCloud - its main purpose is not in sharing. Your new toy router may get hacked tomorrow and you may not even notice. Your previous Asus router at some point had a firewall open for about a month and you didn't know about it. So gather impressions and make sure, but don't judge others just because you've got lucky and bad things didn't happen to you... yet.

Remember this impression?

I decided to go with TP-Link because reading reviews and forum posts people were giving me the impression Asus routers were not reliable especially lately.

Based on your own assessment you did 3 user errors in short period of time - Asus RT-AX82U, Asus RT-AX86U, Asus RT-BE92U... why?

 

[iFrogMac]

Your general talk about "sharing" practices is actually unrelated to AiCloud - its main purpose is not in sharing. Your new toy router may get hacked tomorrow and you may not even notice. Your previous Asus router at some point had a firewall open for about a month and you didn't know about it. So gather impressions and make sure, but don't judge others just because you've got lucky and bad things didn't happen to you... yet.

Remember this impression?



Based on your own assessment you did 3 user errors in short period of time - Asus RT-AX82U, Asus RT-AX86U, Asus RT-BE92U... why?

It's been quite a while since I had to find something to replace the Apple Airport I was used to. Anyway, I don't mind saying I've made plenty of mistakes along the line.
First off, you quoted a post about TP-Link. I no longer have any TP-Link Routers, I got rid of them all after learning about the potential ban on them.
Also, I was initially going to look into a small business solution because I was getting tired of consumer routers and their buggy firmware, and limitations. Before doing that though, I decided to try an Asus router, as it's the one brand I never tried, and I had heard good things about them.

So, As You know, I went with the RT-AX82U as I liked the designed and it was cheaper than the 86U. I had issues with my smart devices with it, that I couldn't resolve. So, I sent it back to Amazon while I was still in the return window, and got the 86U. Stuck with it until this year, when I learned about the faster internet plans I had access to, and wanted to try them to see what benefit they'd have for me. The other reason was with all the talk on the forum these malware attacks me wanting to be proactive to avoid potential issues.

I'm using the BE92U now with the 86U put away as a backup.

Looking back, I think if I were to do it over, I probably would have gone with Unify products so I could get a separate AP and Router. That way I could have gotten a router with the port speeds I wanted to have for future proofing, and then the ability to upgrade the AP separately as I got more devices that are compatible with new wireless standards.

So at the end of the day, I'm sure I could have done things differently. The main takeaway here though is, I wanted something that just worked like my Airport, that's the first thing I had trouble finding, and then second as more things in terms of plan upgrades became available to me, I wanted something that could fully take advantage of them. Now, I'm kind of just settled into what I have now.

 

[Tech9]

I have tried to help you for many things in many threads. My own impression based on our conversations - you are not in a good position to determine what is wrong or right way of doing things. The reason you want to make sure all the time is because your default state is not sure. So don't comment user-error or user-ignorance for things you know little about. Back in a day there was malware infecting Asus routers running 384 firmware. It was never found/disclosed how exactly it does it. Then Asus update servers were hacked, someone found a way to distribute malware with updates. Few years back Asus "hacked" their own routers with bad ASD update by mistake. Something new will come tomorrow, no guarantees and no protection for unknown vulnerabilities or software bugs. None of it is/was user error.

Feel free to share more stories and impressions. Have a good day!

 

[thiggins]

@Tech9 , @iFrogMac You two will need to agree to disagree. I suggest you spend some time ignoring each other for awhile.

 

[Tech9]

Does anyone have any official statement on this?

Yes, Asus:

News - ASUS Product Security Advisory - ASUS Router AiCloud vulnerability (01/02/2025)

Asus posted a Product Security Advisory on Jan 2, 2025 for Asus router AiCloud vulnerability. https://www.asus.com/content/asus-product-security-advisory/ 01/02/2025 ASUS Router AiCloud vulnerability Injection and execution vulnerabilities in certain ASUS router firmware series that allow...

www.snbforums.com

 

[John Fitzgerald]

Does anyone have any official statement on this?

Asus office is saying there has not been a malware attack on routers,, and im the only one.

If anyone has any documentation, messages or anything it would help!

Expert Blog: Consumer routers targeted by multiple botnets

The National Cyber Security Centre (NCSC-NL) has, following an incident response investigation, detected two botnet malware families simultaneously on a consumer router: Alogin botnet malware and TheMoon malware. This blog post explains the investigation and takes a closer look at the two...

english.ncsc.nl

ASUS router infected with botnet via Aicloud at DuckDuckGo

DuckDuckGo. Privacy, Simplified.

duckduckgo.com

 

[Mitt]

Yes, Asus:

News - ASUS Product Security Advisory - ASUS Router AiCloud vulnerability (01/02/2025)

Asus posted a Product Security Advisory on Jan 2, 2025 for Asus router AiCloud vulnerability. https://www.asus.com/content/asus-product-security-advisory/ 01/02/2025 ASUS Router AiCloud vulnerability Injection and execution vulnerabilities in certain ASUS router firmware series that allow...

www.snbforums.com

Thanks man, this is perfect!

 

[bbunge]

Asus support has provided me a beta frimware that seems to correct some of the issues, but the router itself (its wifi) is running at 2-40mbps now, rediculously slow.
Has the malware caused permanent damage to my routers, or has the asus frimware not fully corrected it?

Asus offered a mail in diagnostic, but told me i may have to pay hundreds to repair it, should they be liable?
Additionally, the new frimware forces a EULA to be accepted to use the router, so i assume they were exposed legally from this situation.
I used an adblocker to block the popup to not accept it.

Do a factory reset and manually configure. Do not use a saved settings file! And accept the EULA and other firmware upgrade agreements. Not doing so may, no will, cause problems. Accepting them will not hurt you one bit.