FBI: Malware Infecting Outdated / EOL Routers, Is Yours on the List?


In a recent cybersecurity advisory, the FBI sounded the alarm on a growing threat that’s targeting one of the most overlooked parts of your home or small business network: your router. Specifically, the FBI is warning that end-of-life (EOL) routers, devices that are no longer receiving security updates, are actively being exploited to create large-scale residential proxy botnets.

If you’re still using one of these older models, your network could be part of a cybercriminal’s toolkit without your knowledge.


What’s Happening?

According to the FBI, malware like “TheMoon” is infecting unsupported routers and enlisting them into residential proxy botnets. These botnets are then sold or leased on the dark web through services like “5Socks” and “Anyrun”, allowing cybercriminals to anonymously route traffic through compromised devices.

These compromised routers can be used to:

  • Disguise malicious online activity
  • Send spam or phishing messages
  • Launch distributed denial-of-service (DDoS) attacks
  • Harvest personal or financial data

This activity not only poses a threat to national cybersecurity but also compromises the privacy and safety of those using infected routers.


Devices Identified as Vulnerable

The FBI and several cybersecurity researchers have identified a list of specific devices that are being actively targeted due to known vulnerabilities and lack of firmware support. These routers include:

Confirmed Impacted Routers:

  • Cisco RV320 and RV325
  • Netgear ProSAFE BR200
  • Zyxel USG and ZyWALL models
  • DrayTek Vigor 2960 and 3900
  • D-Link DIR-655, DIR-866L, DIR-652, DSR-250N, DSR-500N
  • TP-Link WR740N and similar low-cost EOL models
  • Linksys E-series older models (E1200, E2500, etc.)
  • Cradlepoint E100 (however, see the note below)

These models are no longer receiving security patches and are especially vulnerable to known exploits that have been circulating for years.


Clarifying the Cradlepoint Confusion

Several media outlets mistakenly reported that all Ericsson Cradlepoint routers are vulnerable. This is incorrect.

The FBI’s advisory referenced the Cradlepoint E100 specifically, an older, specialized model that is no longer supported. However, modern Cradlepoint models like the IBR series, R1900, R500, and E300/E3000 are NOT impacted by this vulnerability.

In fact, Cradlepoint’s newer routers continue to receive regular firmware and security updates and include enhanced protection via InControl2 cloud management and zero-trust policies. If you’re using any current Cradlepoint device sold at 5Gstore.com, you’re not at risk from this specific malware.


How to Know if You’re at Risk

Ask yourself the following:

  • Is your router more than 5–7 years old?
  • Does the manufacturer still provide firmware updates for it?
  • Are you experiencing slowdowns or strange behavior on your network?
  • Have you logged into your router interface lately to check for unknown settings or devices?

If your router is on the list above or meets the criteria of an EOL device, it’s time to replace it.


Mitigation: What You Should Do Right Now

Here’s how to protect your home or business network:

1. Replace Your Router

The most effective step is to upgrade to a modern router that is actively supported. Products from Semtech, Peplink, Cradlepoint, Digi, and Teltonika, available from 5Gstore, offer robust security and centralized management features.

2. Disable Remote Management

Turn off web-based remote access to your router. Most home users don’t need this feature, and it’s a common attack vector.

3. Reset and Reconfigure

If you’re sticking with your existing router temporarily, reset it to factory settings and reconfigure it using a secure password and up-to-date DNS settings.

4. Change All Default Credentials

Many botnets exploit unchanged usernames and passwords. Change both your admin and Wi-Fi credentials to strong, unique passwords.

5. Use Network Monitoring Tools

A good router today includes built-in monitoring tools. You can also use third-party applications to detect unusual spikes in outbound traffic, which can indicate your device is acting as a proxy for criminal activity.

6. Segment Your Network

If possible, use VLANs or guest networks to segment IoT and guest traffic from sensitive devices like your work computer or POS terminals.
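
For step 5, one way to spot the outbound spikes described there from a router's cumulative WAN transmit counter. This is an added example, not part of the FBI advisory or any vendor tool; the function names, 300-second polling interval, thresholds and sample readings are all constructed assumptions.

```python
from statistics import median

# Constructed sample: (unix_time, cumulative WAN tx_bytes) polled every 300 s.
# The counter drops at t=2400 (simulated reboot), then upload jumps ~30x.
SAMPLES = [
    (0, 0), (300, 3_000_000), (600, 6_300_000), (900, 9_000_000),
    (1200, 12_600_000), (1500, 15_600_000), (1800, 18_900_000),
    (2100, 21_900_000), (2400, 1_500_000), (2700, 4_500_000),
    (3000, 94_500_000), (3300, 187_500_000), (3600, 190_500_000),
]

def tx_rates(samples):
    """Convert cumulative counter readings into (time, bytes/sec) pairs.

    An interval where the counter goes backwards (reboot or wrap) is skipped
    rather than reported as a negative or enormous rate.
    """
    rates = []
    for (t0, b0), (t1, b1) in zip(samples, samples[1:]):
        if t1 > t0 and b1 >= b0:
            rates.append((t1, (b1 - b0) / (t1 - t0)))
    return rates

def find_spikes(rates, window=6, k=6.0, floor=5_000):
    """Flag rates above median + k*MAD of the previous `window` intervals.

    Median/MAD is used instead of mean/stddev so one spike does not inflate
    the baseline and hide the next. `floor` (bytes/sec, an assumed value)
    avoids alerts on an idle link where the MAD is close to zero.
    """
    spikes = []
    for i in range(window, len(rates)):
        history = [r for _, r in rates[i - window:i]]
        base = median(history)
        mad = median(abs(r - base) for r in history)
        threshold = max(base + k * mad, floor)
        t, rate = rates[i]
        if rate > threshold:
            spikes.append((t, round(rate), round(threshold)))
    return spikes

if __name__ == "__main__":
    for t, rate, threshold in find_spikes(tx_rates(SAMPLES)):
        print(f"t={t}s outbound {rate} B/s exceeds baseline limit {threshold} B/s")
```

A flagged interval is a prompt to check which device or router service generated the traffic, not proof of compromise on its own.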


Why This Matters

Cybersecurity isn’t just an enterprise concern anymore. Home networks, small businesses, and remote workers are all targets. By using outdated equipment, you’re not just risking your own data, you’re potentially helping attackers mask their activity and cause broader harm.

At 5Gstore, we help thousands of customers each year modernize their networking infrastructure to prevent exactly this kind of issue. Whether you’re upgrading a single home router or deploying hundreds of devices across an enterprise, we can help you select, configure, and secure the right solution.


Final Thought: Upgrade with Confidence

If your current router is on the FBI’s radar, don’t wait. Upgrade today and ensure you’re protected against today’s most active threats. Contact us at 5Gstore.com to learn more about secure, modern router options that are safe from residential proxy botnet attacks.

You deserve better than being a pawn in someone else’s cyberattack.