ASUS routers targeted by botnet malware – here’s how to protect your device


Here’s what you need to know

  • Cyclops Blink is a botnet, and a version of its malware targets certain ASUS routers.
  • Trend Micro believes the main purpose of the botnet is to create an infrastructure for new attacks on high-value targets.
  • ASUS has released a checklist to help you protect your equipment as well as a list of affected routers and required firmware to avoid this malware.

A botnet called Cyclops Blink targets ASUS routers with malware designed to run on router hardware. As reported by PC Gamer, Cyclops Blink botnet malware has been found targeting certain ASUS routers. This follows a report by Trend Micro threat researchers outlining the botnet and how the malware enters affected hardware.

Trend Micro calls Cyclops Blink an advanced modular botnet, meaning it’s made up of multiple parts working together. This means that an infected router probably isn’t targeting you and your data because it’s intended to be used as part of an infrastructure for higher priority attacks. In fact, Trend Micro believes this to be a state-sponsored attack.

Expanding on this, ZDNet reported that the alleged creator of Cyclops Blink is Sandworm/Voodoo Bear, a Russian group that is backed by the General Staff Intelligence Directorate (GRU) and has been used in attacks against Ukraine and Georgia.

ASUS is probably not the only company affected by this attack, and Trend Micro says it has data suggesting other brands of routers are also targeted. Trend Micro also notes a similar attack against WatchGuard firewall appliances.

Secure your ASUS router

If you own any of the following routers, you should follow ASUS’ checklist to ensure that you are protected against malware. ASUS has posted these steps on its Product Security Advisory page.

  1. Reset the device to factory defaults: Log in to the Web GUI, go to Administration → Restore/Save/Download Settings, click “Initialize All settings and clear all data logs”, then click the Restore button.
  2. Update all devices to the latest firmware.
  3. Make sure the default admin password has been changed to a more secure password.
  4. Disable remote management (disabled by default, can only be enabled through advanced settings).

These steps apply to the following affected routers.

GT-AC5300 firmware under
GT-AC2900 firmware under
RT-AC5300 firmware under
RT-AC88U firmware under
RT-AC3100 firmware under
RT-AC86U firmware under
RT-AC68U, AC68R, AC68W, AC68P firmware under
RT-AC66U_B1 firmware under
RT-AC3200 firmware under
RT-AC2900 firmware under
RT-AC1900P, RT-AC1900P firmware under
RT-AC87U (end of life)
RT-AC66U (end of life)
RT-AC56U (end of life)


Newer routers will come with an automatic update feature, although it’s worth manually checking for updates. This can usually be done with the router’s management app or through a web browser.

These routers are mostly older Wi-Fi 5 models, though many of them are still quite fast and capable. The top-end tri-band GT-AC5300, for example, is a gaming router that still has more than enough power for the majority of home users. Fortunately, this router has been supported with an update so you can continue to use it with confidence once you’ve followed ASUS’ instructions.

If your router is near the end of its life or hasn’t received updates in a few years, it might be worth checking out one of the best Wi-Fi 6 routers so you have something that’s still actively supported by the company that built it. There’s also a little more you can do to be more secure on Wi-Fi if you’re unsure about your connection.

