Menu
What's new
By:
Filters Better Search

Malware damaging ASUS routers?

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Back on topic folks.
 
FYI the Asus-Merlin prebeta test builds for 386.14_2 and 388.8_3 are now available. Both have a; FIXED: Security issues in AiCloud (backports from Asus) fix.
Pre-beta test builds

www.snbforums.com

[ 386.14_1 Build(s) ] available build(s)

https://www.asuswrt-merlin.net/test-builds 386.14_2 (xx-xxx-2024) - UPDATED: OpenVPN to 2.6.12. - CHANGED: Enabled Netfilter queue support for SDK6/SDK7 devices (patch by HiHat) - FIXED: Security issues in AiCloud (backports from Asus) - FIXED: CVE-2024-2511, CVE-2024-4741...
www.snbforums.com www.snbforums.com
386.14_2 (xx-xxx-2024)
- UPDATED: OpenVPN to 2.6.12.
- CHANGED: Enabled Netfilter queue support for SDK6/SDK7
devices (patch by HiHat)
- FIXED: Security issues in AiCloud (backports from Asus)
- FIXED: CVE-2024-2511, CVE-2024-4741, CVE-2024-5535 &
Implicit rejection for RSA PKCS#1 in openssl
(backport from Ubuntu by RSDNTWK)
www.snbforums.com

[ 3004_388.8_3 Build(s) ] available build(s)

https://www.asuswrt-merlin.net/test-builds https://www.asuswrt-merlin.net/download 3004.388.8_4 (xx-xxx-2024) - CHANGED: VPN killswitch will now only be active if the VPN client itself is enabled. If you stop/start the client yourself over SSH, you need to also...
www.snbforums.com www.snbforums.com
3004.388.8_4 (xx-xxx-2024)
- CHANGED: VPN killswitch will now only be active if the
VPN client itself is enabled. If you stop/start
the client yourself over SSH, you need to also
update the enabled/disabled nvram setting.
- FIXED: Security issues in AiCloud (backports from Asus)
- FIXED: CVE-2024-2511, CVE-2024-4741, CVE-2024-5535 &
Implicit rejection for RSA PKCS#1 in openssl
(backport from Ubuntu by RSDNTWK)

(Yes that is a 388.4 typo in the change log for 388.3)

Note: The above firmware are TEST BUILDS and may have issues or bugs in them so keep that in mind if you are going to install them to mission critical production routers!!!
 
Last edited:
jrl64z said:
Hi,
Found this Github Page where you can run the script if your router is infected. hope it helps..
github.com

GitHub - NCSC-NL/asusrouter-malware-scan: This repository contains a script to check your ASUS router for signs of malware by examining running processes, files, and certain settings.

This repository contains a script to check your ASUS router for signs of malware by examining running processes, files, and certain settings. - NCSC-NL/asusrouter-malware-scan
github.com github.com
Click to expand...
Shame it can't actually remove this malware. I'm wondering if this is the same script that came up a while ago, and whether it's been updated for this new malware - there's only ever been two versions and this latest version is October 18th.
Besides, once the router is infected it's obvious without the need to test.
 
jrl64z said:
Hi,
Found this Github Page where you can run the script if your router is infected. hope it helps..
github.com

GitHub - NCSC-NL/asusrouter-malware-scan: This repository contains a script to check your ASUS router for signs of malware by examining running processes, files, and certain settings.

This repository contains a script to check your ASUS router for signs of malware by examining running processes, files, and certain settings. - NCSC-NL/asusrouter-malware-scan
github.com github.com
Click to expand...
That’s specific for the two botnet malware families mentioned in this article:

english.ncsc.nl

Expert Blog: Consumer routers targeted by multiple botnets

The National Cyber Security Centre (NCSC-NL) has, following an incident response investigation, detected two botnet malware families simultaneously on a consumer router: Alogin botnet malware and TheMoon malware. This blog post explains the investigation and takes a closer look at the two...
english.ncsc.nl english.ncsc.nl

Are these the same as we are discussing here?
 
If this script can't do anything about it it's like "Congratulations - you router is infected". And then what?
 
You must log in or register to reply here.

Similar threads

F
Release ASUS ZenWiFi XT9 Firmware version 3.0.0.4.388_24684 (2024/11/05)
Replies
0
Views
318
fruitcornbread
F
Lax
Release Firmware release for ASUS GT-BE98 Pro: Version 3.0.0.6.102_34508 dated: 11/05/24
Replies
5
Views
277
Lax
Lax
visortgw
Release ASUS GT-BE98 Pro Firmware version 3.0.0.6.102_34508 (2024/11/05)
Replies
2
Views
298
Metroguy
M
D
Release ASUS ZenWiFi XT8 Firmware version 3.0.0.4.388_24684
Replies
5
Views
1K
kaktus
kaktus
TheLostSwede
GT-AX6000 Firmware 3.0.0.6_102_34797
Replies
6
Views
758
NXIL
NXIL
Similar threads
Thread starter Title Forum Replies Date
A Another weird AX86U issue - but not Malware? ASUS AX Routers & Adapters (Wi-Fi 6/6e) 9
H Asus RT-AX88U doesn't create Wi-Fi 6 network ASUS AX Routers & Adapters (Wi-Fi 6/6e) 11
L Asus TUF AX5400 wi-fi problem ASUS AX Routers & Adapters (Wi-Fi 6/6e) 6
T Asus AX11000 VPN Fusion Notification ASUS AX Routers & Adapters (Wi-Fi 6/6e) 2
S Asus AXE16000 Random Reboots ASUS AX Routers & Adapters (Wi-Fi 6/6e) 8
A Asus RT-AX86U no wifi. LEDs off. ASUS AX Routers & Adapters (Wi-Fi 6/6e) 15
S I think my ASUS router somehow "poisoned" my AT&T's fiber gateway... ASUS AX Routers & Adapters (Wi-Fi 6/6e) 10
J The router cannot connect to ASUS server to check for the firmware update [RT-AX86U] ASUS AX Routers & Adapters (Wi-Fi 6/6e) 0
K Dropouts on ASUS RT-AX86U ASUS AX Routers & Adapters (Wi-Fi 6/6e) 5
R Asus RT-AX89X ASUS AX Routers & Adapters (Wi-Fi 6/6e) 9

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 631 (members: 18, guests: 613)
Top