FBI Warns: Old Routers Exploited in Cybercrime Proxy Networks

The FBI has issued a security alert warning that aging home routers, particularly discontinued models from Linksys, are being exploited by cybercriminals to conceal the origins of malicious activity. The alert specifically names thirteen end-of-life (EOL) models that are no longer receiving firmware or security updates, making them prime targets for hijacking.

Attackers are leveraging a malware strain known as TheMoon to infect these outdated devices. First observed in 2014, TheMoon scans for internet-exposed routers with open ports and installs itself without needing a password. Once embedded, the malware turns the router into a proxy server, effectively masking the true location of hackers as they launch attacks or conduct illegal operations.

The exploited devices function as intermediaries that relay internet traffic while hiding the identities of those behind the activity. This makes it significantly harder for investigators to trace the origin of crimes such as data theft, cryptocurrency fraud, or illicit service contracting. In many cases, access to these routers is resold as part of proxy-for-hire services used across the cybercriminal ecosystem.

According to the FBI, routers manufactured in 2010 or earlier are particularly vulnerable, especially if remote administration features are enabled. This setting allows access to the device’s management interface over the internet, simplifying the process for attackers to deploy malware remotely.

The agency’s advisory highlights the following Linksys models as affected: E1200, E2500, E1000, E4200, E1500, E300, E3200, WRT320N, E1550, WRT610N, E100, M10, and WRT310N.

To mitigate the threat, users are advised to immediately replace EOL routers with newer models that continue to receive support and updates. For those unable to upgrade, disabling remote administration, rebooting the device, applying any remaining firmware updates, and using strong, unique passwords (at least 16 characters) are strongly recommended.
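As an added illustration (not part of the FBI advisory or the original article), the following Python sketch checks a router inventory against the model list and mitigations described above. The inventory schema (`label`, `year`, `remote_admin`, `admin_password_len`) and the sample records are constructed for this example; model labels are matched as whole tokens so that, for instance, E1000 is never mistaken for E100.

```python
import re

# Model names exactly as listed in the article above.
EOL_MODELS = {"E1200", "E2500", "E1000", "E4200", "E1500", "E300", "E3200",
              "WRT320N", "E1550", "WRT610N", "E100", "M10", "WRT310N"}
MIN_PASSWORD_LEN = 16  # "at least 16 characters"
OLD_YEAR = 2010        # "manufactured in 2010 or earlier"

def model_token(label):
    """Return the listed model named in a free-form label, or None.
    Whole-token comparison avoids substring false positives."""
    for tok in re.split(r"[^A-Za-z0-9]+", label.upper()):
        if tok in EOL_MODELS:
            return tok
    return None

def audit(device):
    """Return findings for one inventory record (hypothetical schema)."""
    findings = []
    model = model_token(device["label"])
    if model:
        findings.append(f"EOL model {model}: replace with a supported router")
    year = device.get("year")
    if year is not None and year <= OLD_YEAR:
        findings.append(f"manufactured {year}: in the most exposed age group")
    if device.get("remote_admin"):
        findings.append("remote administration enabled: disable it")
    if device.get("admin_password_len", 0) < MIN_PASSWORD_LEN:
        findings.append(f"admin password shorter than {MIN_PASSWORD_LEN} characters")
    return findings

def triage(inventory):
    """Devices with at least one finding, most findings first."""
    flagged = [(d["label"], audit(d)) for d in inventory]
    return sorted((f for f in flagged if f[1]), key=lambda f: -len(f[1]))

# Constructed sample inventory, not real devices.
SAMPLE = [
    {"label": "Example-Router X9", "year": 2023, "remote_admin": False,
     "admin_password_len": 24},
    {"label": "Linksys E1000 v2.1", "year": 2010, "remote_admin": False,
     "admin_password_len": 20},
    {"label": "Linksys E1200 (home office)", "year": 2011, "remote_admin": True,
     "admin_password_len": 8},
]

if __name__ == "__main__":
    for label, findings in triage(SAMPLE):
        print(label)
        for finding in findings:
            print("  -", finding)
```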

This campaign reflects a broader issue in which legacy hardware becomes a weak link in network security. The FBI encourages users who suspect their router has been compromised to report incidents via the Internet Crime Complaint Center.