Common Information
Type | Value |
---|---|
Value | AVrecon |
Category | Tool |
Type | Malpedia |
Misp Type | Cluster |
Description | AVrecon is a Linux-based Remote Access Trojan (RAT) targeting small-office/home-office (SOHO) routers and other ARM-embedded devices. The malware is distributed via exploitation of unpatched vulnerabilities or common misconfigurations of the targeted devices. Once deployed, AVrecon collects some information about the infected device, opens a session to a pre-configured C&C server, and spawns a remote shell for command execution. It might also download additional arbitrary files and run them. The malware has recently been used in campaigns aimed at ad-fraud activities, password spraying and data exfiltration. |
Details | Published | Attributes | CTI | Title | ||
---|---|---|---|---|---|---|
Details | Website | 2023-07-31 | 1 | AVRecon Botnet Leveraging Compromised Routers to Fuel Illegal Proxy Service | ||
Details | Website | 2023-07-31 | 1 | AVRecon Botnet Leveraging Compromised Routers to Fuel Illegal Proxy Service - RedPacket Security | ||
Details | Website | 2023-07-25 | 25 | Who and What is Behind the Malware Proxy Service SocksEscort? – Krebs on Security | ||
Details | Website | 2023-07-19 | 0 | Unmasking AVrecon: A Guide to Proactive Threat Hunting | ||
Details | Website | 2023-07-18 | 0 | Botnet Malware Infects Over 70,000 Routers | ||
Details | Website | 2023-07-17 | 0 | InfoSecSherpa’s News Roundup for Monday, July 17, 2023 | ||
Details | Website | 2023-07-15 | 0 | AVrecon malware infects 70,000 Linux routers to build botnet - RedPacket Security | ||
Details | Website | 2023-07-12 | 10 | Routers from the Underground: Exposing AVrecon - Lumen | ||
Details | Website | 2023-07-01 | 0 | Variants of BPFDoor Deployed in Linux Kernel | Cyware Hacker News | ||
Details | Website | 2022-01-01 | 0 | New AVrecon Malware Infects 70,000 Linux Routers Across 20 Countries | Cyware Hacker News |