March 26, 2024 By Bill Toulas
A new variant of "TheMoon" malware botnet has been spotted infecting thousands of outdated small office and home office (SOHO) routers and IoT devices in 88 countries.
TheMoon is linked to the "Faceless" proxy service, which uses some of the infected devices as proxies to route traffic for cybercriminals who wish to anonymize their malicious activities.
Black Lotus Labs researchers monitoring the latest TheMoon campaign, which started in early March 2024, have observed 6,000 ASUS routers being targeted in under 72 hours.
The threat analysts report that malware operations such as the IcedID and SolarMarker currently use the proxy botnet to obfuscate their online activity.
Source: Black Lotus Labs
