How to check if your ASUS router is infected by the Cyclops Blink botnet

Botnets are networks of infected devices that cybercriminals use to launch attacks such as mass spam campaigns, distributed denial-of-service (DDoS) attacks, and credential theft. Once a device is infected, it becomes part of the botnet, whose goal is to keep expanding.

ASUS routers turned into botnets

Do you have an ASUS router at home? Then this concerns you: researchers from the cybersecurity company Trend Micro have published a report warning of vulnerabilities in ASUS routers, which are being targeted by the “Cyclops Blink” botnet. The botnet apparently intends to build an infrastructure for new attacks on high-value targets.

Based on the affected models, more than 3,500 routers in Spain are likely to be vulnerable to this threat. If you have an ASUS router, go to this link to find out if your model is among those affected, which we also list below:

  • GT-AC5300 firmware below 3.0.0.4.386.xxxx
  • GT-AC2900 firmware below 3.0.0.4.386.xxxx
  • RT-AC5300 firmware below 3.0.0.4.386.xxxx
  • RT-AC88U firmware below 3.0.0.4.386.xxxx
  • RT-AC3100 firmware below 3.0.0.4.386.xxxx
  • RT-AC86U firmware below 3.0.0.4.386.xxxx
  • RT-AC68U, AC68R, AC68W, AC68P firmware below 3.0.0.4.386.xxxx
  • RT-AC66U_B1 firmware below 3.0.0.4.386.xxxx
  • RT-AC3200 firmware below 3.0.0.4.386.xxxx
  • RT-AC2900 firmware below 3.0.0.4.386.xxxx
  • RT-AC1900P, RT-AC1900P firmware below 3.0.0.4.386.xxxx
  • RT-AC87U (EOL)
  • RT-AC66U (EOL)
  • RT-AC56U (EOL)

If your model is not on the list, you can rest easy. If it is, do the following to recover it:

  • Reset the device to factory settings: sign in to the web graphical user interface (http://router.asus.com), go to Administration > Restore/Save/Load Settings, check “Initialize all settings and clear all data log”, and then click the Restore button.
  • Update all devices to the latest firmware.
  • Make sure the default admin password has been changed to a more secure one.
  • Disable remote management (deactivated by default; it can only be activated through advanced settings).