AryStinger Malware Campaign Compromises 4,300 Outdated Routers for Cyberattacks

A malware campaign named AryStinger has compromised at least 4,300 outdated home routers, repurposing them as proxies and reconnaissance nodes for cyberattacks. The primary targets are devices using Realtek RTL819X chipsets, particularly the D-Link DIR-850L model, with a separate variant also targeting QNAP NAS systems. No specific CVEs, attack timelines, or threat actor attribution were disclosed in the report. The compromised routers are being leveraged for network scanning and proxy-based malicious activities. The campaign highlights risks associated with unpatched legacy hardware in residential and small-office environments.