A large-scale malware attack campaign has just been uncovered, targeting the 'heart' of the internet for millions of households. If you own one of the 18 Wi-Fi router models listed below, your device may have become a tool for cybercriminals without your knowledge.
Hundreds of thousands of Wi-Fi devices were attacked.
In an urgent notice released in mid-March 2026, the US Federal Bureau of Investigation (FBI) issued a stern warning about a massive malware network targeting Wi-Fi routers and IoT devices. Instead of directly attacking computers or phones, the attackers choose to take control of routers, which are considered the data hubs of every household, turning them into proxies for illicit activities.
The AVrecon malware attacks a wide range of popular network devices.
PHOTO: SCREENSHOT FROM PCMAG
According to investigations, the malware known as AVrecon has silently infected approximately 369,000 devices since 2020. These devices were then offered for sale, granting access to the SocksEscort residential proxy service, allowing cybercriminals worldwide to carry out cross-border attacks anonymously.
Although more than 1,200 devices were found to be vulnerable, the FBI paid particular attention to 18 router models from popular brands, also very familiar in Vietnam, that were most frequently compromised, including:
- TP-Link : Archer C20, TL-WR840N, TL-WR849N, WR841N.
- D-Link : DIR-818LW, DIR-850L, DIR-860L.
- Netgear : DGN2200v4, AC1900 R7000.
- Zyxel : VMG, PMG, and EMG series (such as EMG6726-B10A, PMG5617GA, VMG1312-B10D, VMG1312-T20B, VMG3925-B10A, VMG3925-B10C, VMG4825-B10A, VMG4927-B50A, and VMG8825-T50K).
Additionally, two IoT security camera models are also on this blacklist due to serious security vulnerabilities.
Notably, many devices are being attacked through old security vulnerabilities such as Remote Code Execution. The FBI says many manufacturers have released patches, but users are ignoring or unaware of the need to update their firmware.
Once infected with AVrecon, attackers not only use the victim's router as a shield but can also set up a 'Remote Shell,' downloading and executing other malicious code to steal personal information or monitor all of the family's online activities.
Expert advice
Although the SocksEscort service has been shut down by the FBI in cooperation with Europol, the threat from the AVrecon malware still exists. Experts advise users:
- Check immediately if your router is on the list above.
- If so, access your router's administration page and install the latest firmware update from the manufacturer.
- In addition, you should change your router's administrator password (not your Wi-Fi password) to a more complex string of characters.
Source: https://thanhnien.vn/danh-list-of-common-wifi-routers-currently-being-attacked-by-malicious-malicious-drugs-185260327093903029.htm
![[Video] Sunset at Lap An Lagoon – Where the sun sets over the fishing nets](https://vphoto.vietnam.vn/thumb/1200x675/vietnam/resource/IMAGE/2026/05/31/1780192137701_beach-landscape-sea-water-nature-grass-745871-pxhere-com.jpeg)
![[Video] Sunset at Lap An Lagoon – Where the sun sets over the fishing nets](https://vphoto.vietnam.vn/thumb/800x450/vietnam/resource/IMAGE/2026/05/31/1780192137701_beach-landscape-sea-water-nature-grass-745871-pxhere-com.jpeg)
![[Video] Sunset at Lap An Lagoon – Where the sun sets over the fishing nets](https://vphoto.vietnam.vn/thumb/402x226/vietnam/resource/IMAGE/2026/05/31/1780192137701_beach-landscape-sea-water-nature-grass-745871-pxhere-com.jpeg)
Comment (0)