Version 55: Over 9,000 ASUS routers infected by a botnet with a persistent SSH backdoor that firmware updates do not remove

Major Security Breach: Over 9,000 ASUS Routers Compromised by Botnet Attack

A breach affecting more than 9,000 ASUS routers has come to light. Discovered in March 2025 by the cybersecurity experts at GreyNoise, this incident revolves around a sophisticated botnet called “AyySSHush.”

The attack takes advantage of vulnerabilities in the device’s authentication system and uses standard router functionality to create a persistent SSH backdoor. What sets this attack apart is that the backdoor is stored in the router’s non-volatile memory (NVRAM). Because of this, it remains intact even after firmware updates or device restarts, which complicates conventional recovery efforts.

The implications of this breach are significant, as it highlights the critical need for robust cybersecurity measures in our increasingly connected world. Users of affected ASUS routers should be on high alert and take immediate steps to secure their network configurations to mitigate potential risks. It’s a stark reminder that even trusted devices can harbor hidden vulnerabilities—an essential lesson for both consumers and manufacturers alike.
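
One way to check a router for the NVRAM-resident SSH settings described above, as an added example that is not from the original article, GreyNoise or ASUS. It assumes Asuswrt-style key names (`sshd_enable`, `sshd_port`) in `nvram show` output and 22 as the expected port, and it runs on a constructed sample dump.

```shell
#!/bin/sh
# Added example: audit `nvram show` output (key=value lines on stdin) for SSH
# settings that live in NVRAM and so survive a firmware update.
# Assumptions: Asuswrt-style key names sshd_enable / sshd_port, and 22 as the
# expected port; confirm both against your own router's dump.
# $1 = file listing the SSH public keys you installed yourself (may be empty).
KEY_RE='(ssh-(rsa|dss|ed25519)|ecdsa-sha2-nistp[0-9]+) [A-Za-z0-9+/=]+'

audit_nvram_ssh() {
    known_keys=$1
    dump=$(cat)                      # read the whole dump once
    findings=0
    nv() { printf '%s\n' "$dump" | sed -n "s/^$1=//p" | head -n 1; }

    enable=$(nv sshd_enable)
    port=$(nv sshd_port)
    if [ -n "$enable" ] && [ "$enable" != 0 ]; then
        echo "FINDING sshd_enable=$enable: SSH daemon is enabled in NVRAM"
        findings=$((findings + 1))
        if [ -n "$port" ] && [ "$port" != 22 ]; then
            echo "FINDING sshd_port=$port: SSH listens on a non-standard port"
            findings=$((findings + 1))
        fi
    fi

    # Any public key stored anywhere in NVRAM must be one the owner recognises.
    found=$(printf '%s\n' "$dump" | grep -oE "$KEY_RE" | sort -u)
    while IFS= read -r key; do
        [ -n "$key" ] || continue
        if ! grep -qF -- "$key" "$known_keys"; then
            echo "FINDING unrecognised key in NVRAM: ${key%% *} $(printf '%.16s' "${key#* }")..."
            findings=$((findings + 1))
        fi
    done <<EOF
$found
EOF
    [ "$findings" -eq 0 ]            # exit status 0 only when nothing was flagged
}

# Constructed sample dump (not taken from a real device) and an empty allowlist.
SAMPLE='http_enable=0
sshd_enable=1
sshd_port=2222
sshd_authkeys=ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCconstructedSampleKeyOnly unknown'
printf '%s\n' "$SAMPLE" | audit_nvram_ssh /dev/null || echo "review required"
```

On a real device, pipe the output of `nvram show` into the function and pass the file holding your own public keys as the argument.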


One Comment

  1. Thank you for bringing this critical issue to attention. Unfortunately, as these backdoors are stored in the router’s NVRAM, they can persist through standard firmware updates, making them particularly challenging to remove. Here are some recommended steps to try and mitigate the threat:

    • Perform a Full Factory Reset: Use the reset button on the router to restore it to factory defaults. Keep in mind that if the backdoor resides in NVRAM, this alone may not fully eliminate the threat.
    • Flash Custom Firmware: Consider installing custom firmware such as OpenWRT or Asuswrt-Merlin, which may offer improved security, better control over persistent storage, and additional safety measures. Ensure you follow proper flashing procedures to avoid bricking the device.
    • Disassemble and Reprogram NVRAM: For advanced users, physically accessing and reprogramming or replacing the NVRAM chip could remove the persistent malware. However, this approach requires specialized hardware skills and tools.
    • Consult with ASUS Support: Contact ASUS support for guidance tailored to your specific model and firmware version. They may have specific security patches or instructions, especially if this vulnerability has been officially acknowledged.
    • Network Security Practices: Isolate affected devices, change default credentials, and enable strong, unique passwords
