Asus Router Vulnerability: WrtHug Malware Threatens Device Security
ADN
Asus users face potential security risks as a threat actor group known as WrtHug targets the brand's routers. This vulnerability could expose personal networks, raising concerns for individuals and businesses relying on Asus devices for connectivity.
TL;DR
- WrtHug malware targets outdated Asus routers.
- Nearly 50,000 IPs compromised globally, including critical regions.
- Firmware updates and hardware replacement strongly advised.
An Expanding Global Cyber Threat
Over the past half-year, the STRIKE research team at SecurityScore has been closely tracking a sophisticated cyber campaign identified as WrtHug. This malware targets aging and unpatched models of Asus routers—a concern that has escalated due to the sheer scope of the attack. To date, nearly 50,000 unique IP addresses have been compromised worldwide, with the hardest hit regions including Taiwan, Southeast Asia, Central Europe, Russia, and the United States.
Sophisticated Attacks Exploit Critical Vulnerabilities
The threat actors behind WrtHug employ a multi-pronged approach. Their attacks begin by exploiting command injection vulnerabilities but also leverage other well-documented security flaws. Through these methods, attackers convert infected routers into so-called ORB networks, effectively using them as relays to mask their control operations. This tactic complicates detection and mitigation efforts for both users and cybersecurity professionals.
Several factors explain why these routers are particularly vulnerable:
- Lack of regular firmware updates leaves known flaws unpatched.
- Certain models—such as ASUS Wireless Router 4G-AC55U, AC860U, DSL-AC68U, GT-AC5300, GT-AX11000, RT-AC1200HP, RT-AC1300GPLUS, and RT-AC1300UHP—are no longer supported by the manufacturer.
- The most notable exploited vulnerabilities include CVE-2023-39780, CVE-2024-12912 (arbitrary code execution), and the critical CVE-2025-2492 affecting AiCloud functions.
User Guidance: Immediate Steps for Security
Given this persistent cyberthreat landscape, users must take prompt action to secure their home networks. The manufacturer Asus has released patches for six major vulnerabilities; installing these firmware updates is essential. If your router is no longer supported, consider replacing it or at least disabling remote access features. Additionally:
• Change default passwords to strong codes (16+ characters).
• Regularly reboot your router.
• Install robust antivirus solutions on all connected devices.
Upgrading: The Most Effective Defense
Ultimately, modernizing network equipment remains the surest way to defend against evolving threats. Routers compatible with recent standards like Wi-Fi 6 or Wi-Fi 7 not only boost speed but also enhance security for every connected device in your household. In an era when cyber risks continually mutate and escalate, maintaining technical vigilance—sometimes even replacing hardware ahead of schedule—may well be a necessary safeguard against tomorrow’s attacks.