Malware damaging ASUS routers?

[jksmurf]

Not yet for this model though. More will get damaged as a result.

Unless you run Asus Merlin FW; then there is a patched FW available for the RT-AX86U. Direct link here.
[EDIT] I see bennor already posted it above.

 

[Tech9]

You perhaps realize >90% of the users run stock Asuswrt and are completely unaware of the issue.

 

[jksmurf]

You perhaps realize >90% of the users run stock Asuswrt and are completely unaware of the issue.

Yes sir, I do indeed.

However for those concerned about the issue and wanting a solution that is available now, folks that might have been considering but not taken the leap to ASUS Merlin FW, or do not know about it but are willing to give it a whirl, I do not think it unreasonable to make them aware of the options currently available.

 

[giosita]

What @giosita is talking about is ASD file update. Different than Trend Micro signature update on Firmware Update page.

Correct. @iFrogMac Check the /jffs/asd folder.

 

[iFrogMac]

Correct. @iFrogMac Check the /jffs/asd folder.

Thanks, I will need to enable SSH correct? I typically haven't done that after my Router capable running DD-WRT died, and that's pretty much why I decided to stick with Asus, because their stock firmware is the closest thing I've found to something like DD-WRT, compared to other brands.

 

[giosita]

Thanks, I will need to enable SSH correct? I typically haven't done that after my Router capable running DD-WRT died, and that's pretty much why I decided to stick with Asus, because their stock firmware is the closest thing I've found to something like DD-WRT, compared to other brands.

Yeah, you need to enable SSH, but ONLY for the LAN (LAN only, okay?) and please, for the love of tech, don’t use the standard port 22 - pick a random free port that’s not on the well-known ports list.

Once that’s done, fire up something like PuTTY and check if the signature files are chilling in the /jffs/asd folder.

Oh, and seriously, if you have no clue what any of this means, don’t even think about it - messing around with random commands is a fast track to disaster.

 

[iFrogMac]

Yeah, you need to enable SSH, but ONLY for the LAN (LAN only, okay?) and please, for the love of tech, don’t use the standard port 22 - pick a random free port that’s not on the well-known ports list.

Once that’s done, fire up something like PuTTY and check if the signature files are chilling in the /jffs/asd folder.

Oh, and seriously, if you have no clue what any of this means, don’t even think about it - messing around with random commands is a fast track to disaster.

Thanks, and yes I understand all of this. I just haven't had to do it in a while. I mainly leave stuff like this disabled for security reasons unless I NEED it. Since I use macOS, or Linux most of the time, will just use the ssh command in terminal. I was mainly trying to decide if the RT-AX86U was even worth it at this point to patch since I got a new router with newer firmware, and it has the separate toggle for security updates in addition to firmware updates as @Tech9 mentioned. Thanks again. If I decide to use the 86U again for any length of time, I'll check the jfs directory mentioned.

 

[giosita]

@iFrogMac "I mainly leave stuff like this disabled for security reasons unless I NEED it." Wow, truly, reading that feels like a warm hug from common sense .

 

[iFrogMac]

@iFrogMac "I mainly leave stuff like this disabled for security reasons unless I NEED it." Wow, truly, reading that feels like a warm hug from common sense .

Thank you. That's pretty much why I replaced the hardware too, that and wanting access to more than just one 2.5G ethernet port. I figured at this point, it wasn't safe long term as the main router anymore, but as a backup, it would be OK. Especially since I was looking for things that required an upgrade anyway. Either way, I'll keep an eye out and see if Asus does anymore official firmware updates for it. I did read an official article from Asus stating that the RT-AX86U was officially due to end support in 2025 (in Singapore ), so I wonder if the rest of the world will follow shortly after that. I couldn't find any additional info.
Edited to include the Link referenced: https://www.asus.com/support/faq/1051375/

 

[Jbennett360]

So in my firmware upgrade tab there's no mention of the 'Security Update' or ASD version.

I'm assuming I've disabled this at some point, is there an easy way to re-enable it? It doesn't seem obvious?

Edit:
Enabled AI Protection, that prompted me to accept the terms. Signature update then appeared under the firmware upgrade tab. Last updated June of last year. Checked for update and bumped it to 2.430.

Disabled AI Protection, that signature update has now gone.

Is that for ASD, or purely for trend micro?

 

[iFrogMac]

So in my firmware upgrade tab there's no mention of the 'Security Update' or ASD version.

I'm assuming i've disabled this at some point, is there an easy way to re-enable it? It doesn't seem obvious?

The impression I've gotten having the same question is the SSH method looking into the directory mentioned is the only way to see if it's been updated.

 

[bennor]

@Jbennett360, here is how RMerlin explains ASD:

It's not related to Trend Micro. It's a separate security daemon from Asus, that handle security-related issues on the router itself. They provide a special set of signature files specific to Asuswrt-Merlin that automatically gets downloaded from them.

It is running all the time. If it was able to be disabled then malware would target it and disable it in order to infect the router. The ASD service scans the router for malware.

Edit to add: And RMerlin also explains in another discussion that if you absolutely must try to manually update the ASD signature files (when using Asus-Merlin), if there is no option to update them through the router GUI, then delete the files (in the /jffs/asd/ directory) and they'll be redownloaded by the router firmware.

 

[Jbennett360]

@Jbennett360, here is how RMerlin explains ASD:

It is running all the time. If it was able to be disabled then malware would target it and disable it in order to infect the router. The ASD service scans the router for malware.

Edit to add: And RMerlin also explains in another discussion that if you absolutely must try to manually update the ASD signature files (when using Asus-Merlin), if there is no option to update them through the router GUI, then delete the files (in the /jffs/asd/ directory) and they'll be redownloaded by the router firmware.

Thanks for the clarification.

So do we know what the Security Upgrade is that's mentioned here? - https://www.snbforums.com/threads/security-upgrade-option-on-rt-ax88u-pro.88714/

Rebadged signatures?

 

[Partayam]

Hi all,

I did try to look around the forum for this answer, so I will ask the question here as well in case any other person with the same issue is having the same difficulty as I finding their way.

I am one of those affected by this recent surge of AX86U issues, so I am left with a dumb brick for the time being.
Is there any way to recover the device once you have been affected? If so, how?

Thank you.

 

[Jbennett360]

Hi all,

I did try to look around the forum for this answer, so I will ask the question here as well in case any other person with the same issue is having the same difficulty as I finding their way.

I am one of those affected by this recent surge of AX86U issues, so I am left with a dumb brick for the time being.
Is there any way to recover the device once you have been affected? If so, how?

Thank you.

Solved - RT-AX86U dead WiFi asking for country code?

Hey everyone So a friend of mine bought an used RT-AX86U and asked me to take a look at it because the wifi led are not lighting up and the SSIDs wont show up. Installing merlinWRT didn't fix it either. Looking at the wifi settings opens a popup asking for a country code and the channels are...

www.snbforums.com