{"id":235180,"date":"2026-06-22T11:24:00","date_gmt":"2026-06-22T15:24:00","guid":{"rendered":"https:\/\/testing.news-you-need.com\/index.php\/2026\/06\/22\/thousands-of-d-link-routers-under-control-of-arystinger-botnet\/"},"modified":"2026-06-22T12:40:13","modified_gmt":"2026-06-22T16:40:13","slug":"thousands-of-d-link-routers-under-control-of-arystinger-botnet","status":"publish","type":"post","link":"https:\/\/testing.news-you-need.com\/index.php\/2026\/06\/22\/thousands-of-d-link-routers-under-control-of-arystinger-botnet\/","title":{"rendered":"Thousands of D-Link routers under control of AryStinger botnet"},"content":{"rendered":"<p><a href=\"https:\/\/www.malwarebytes.com\/blog\/news\/2026\/06\/thousands-of-d-link-routers-under-control-of-arystinger-botnet\">Thousands of D-Link routers under control of AryStinger botnet<\/a><\/p>\n<p><a href=\"https:\/\/www.malwarebytes.com\/blog\/news\/2026\/06\/thousands-of-d-link-routers-under-control-of-arystinger-botnet\">https:\/\/www.malwarebytes.com\/blog\/news\/2026\/06\/thousands-of-d-link-routers-under-control-of-arystinger-botnet<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-06-22 11:24:00<\/a><\/p>\n<p>Source Domain: <a href=\"www.malwarebytes.com\">www.malwarebytes.com<\/a><\/p>\n<p>Author: <a href=\"\"><\/a><\/p>\n<p> Using an unordered list, summarize the following article with between 4 and 8 key points. <\/p>\n<p>Researchers have found that the recently discovered AryStinger botnet has quietly hijacked thousands of end\u2011of\u2011life D\u2011Link routers and some network-attached storage (NAS) devices, turning them into a distributed scanning and proxy network that attackers can use to hide their activity and launch attacks against other targets.\u00a0<\/p>\n<p>Having your devices under control of a botnet is not just a problem for the people being targeted. It can also put your own privacy and security at risk.\u00a0<\/p>\n<p>The AryStinger botnet is mainly built on compromised D\u2011Link DIR\u2011850L and DIR\u2011818LW routers. Although these devices are long past end\u2011of\u2011life, they are still widely used in homes and small offices, making them attractive targets for botnet operators. <\/p>\n<p>The attackers exploited vulnerabilities disclosed 13 years ago to compromise a large number of routers. According to the researchers:<\/p>\n<p>\u201cAt least 4,300 routers worldwide have already been infected, and the number is still continuously rising.\u201d<\/p>\n<p>By targeting routers that are no longer supported by the vendor, the attackers gain access to devices that will\u00a0never receive security patches\u00a0but remain connected to the internet.<\/p>\n<p>AryStinger turns each infected device into what the researchers call an\u00a0\u201cExecutor\u201d: a remotely controlled node that can scan networks, act as a proxy, create tunnels, and run commands on behalf of the attacker. <\/p>\n<p>The botnet\u2019s controller splits large reconnaissance tasks into many smaller ones and distributes them across these Executors, effectively turning a fleet of consumer routers into a large-scale scanning platform.<\/p>\n<p>The botnet\u2019s primary purpose is reconnaissance at scale.\u00a0The controller can:<\/p>\n<p>Push scanning jobs (for IP ranges, open ports, DNS records) down to many Executors in parallel.<\/p>\n<p>Use those results to map networks, identify new vulnerable services, and prepare further compromises (\u201cfootprinting\u201d).<\/p>\n<p>For owners of infected devices, a more worrying capability is AryStinger\u2019s ability to tamper with DNS settings. This allows attackers to:<\/p>\n<p>Redirect victims\u2019 browser traffic to phishing pages or malware\u2011hosting sites.<\/p>\n<p>Silently monitor and potentially steal\u00a0all inbound and outbound network traffic\u00a0passing through the router or NAS.<\/p>\n<p>This can put otherwise well-protected devices at risk. Mobile phones, tablets, and laptops connected to the compromised router can be redirected as well.<\/p>\n<p>How to tell if you\u2019re impacted<\/p>\n<p>For owners of an affected router or NAS, the immediate signs may be subtle or non\u2011existent. Possible indicators might be:<\/p>\n<p>Slightly slower connectivity<\/p>\n<p>Occasional unexplained DNS failures or redirects<\/p>\n<p>Spikes in outbound traffic at odd times<\/p>\n<p>But the underlying risks are serious enough:<\/p>\n<p>Privacy:\u00a0Attackers may be able to inspect or redirect your traffic, potentially capturing usernames, passwords, session cookies, or other sensitive data.<\/p>\n<p>Liability and reputation:\u00a0Your IP address could be used for\u00a0fraud, credential\u2011stuffing, harassment, or other criminal activity, potentially attracting attention from service providers or law enforcement\u2014something already seen in other proxy botnets.<\/p>\n<p>Pivoting into your network:\u00a0Particularly on compromised NAS devices, attackers may be able to map internal networks and look for additional systems to target.<\/p>\n<p>What to do<\/p>\n<p>This is not the first time attackers have built a botnet from abandoned networking equipment. Unfortunately, the most effective solution is also the least popular one: Replace end-of-life routers and NAS devices. <\/p>\n<p>If that\u2019s not an immediate option, there are some steps you can take to make your device harder to compromise:<\/p>\n<p>Apply the latest firmware\u00a0available for your device, even if it\u2019s old, and review any vendor security advisories for known vulnerabilities.<\/p>\n<p>Change the default administrator password\u00a0to a unique, strong password or passphrase; never reuse passwords from other accounts.<\/p>\n<p>Disable remote management\u00a0from the internet (WAN). Only access the admin interface from inside your home or office network.<\/p>\n<p>Use WPA2 or WPA3\u00a0wireless encryption and a strong Wi\u2011Fi password to reduce the chance of local abuse.<\/p>\n<p>If your router supports it,\u00a0turn off unused services\u00a0such as UPnP on the WAN side or legacy remote access protocols.<\/p>\n<p>Run an anti-malware scan on computers and other devices connected to the router to check whether any were separately infected while traffic was being tampered with.<\/p>\n<p>Even if you apply all of these recommendations, an end-of-life router should be considered untrusted. Make plans to replace it as soon as you can.<\/p>\n<p>We don\u2019t just report on threats\u2014we remove them<\/p>\n<p>Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by\u00a0downloading Malwarebytes today.<\/p>\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Thousands of D-Link routers under control of AryStinger botnet https:\/\/www.malwarebytes.com\/blog\/news\/2026\/06\/thousands-of-d-link-routers-under-control-of-arystinger-botnet Publish Date: 2026-06-22 11:24:00 Source&#8230;<\/p>\n","protected":false},"author":1,"featured_media":235181,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/www.malwarebytes.com\/wp-content\/uploads\/sites\/2\/2026\/06\/d-link-botnet.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[24,32,25],"class_list":["post-235180","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-cybersecurity","tag-malware","tag-phishing"],"_links":{"self":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/235180"}],"collection":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=235180"}],"version-history":[{"count":1,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/235180\/revisions"}],"predecessor-version":[{"id":235182,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/235180\/revisions\/235182"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/235181"}],"wp:attachment":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=235180"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=235180"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=235180"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}