Comment on Thousands of Asus routers are being hit with stealthy, persistent backdoors
AmbiguousProps@lemmy.today 1 week agoFrom the article:
The only way for router users to determine whether their devices are infected is by checking the SSH settings in the configuration panel. Infected routers will show that the device can be logged into by SSH over port 53282 using a digital certificate with a truncated key of
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAo41nBoVFfj4HlVMGV+YPsxMDrMlbdDZ…
To remove the backdoor, infected users should remove the key and the port setting.
People can also determine if they’ve been targeted if system logs indicate that they have been accessed through the IP addresses 101.99.91[.]151, 101.99.94[.]173, 79.141.163[.]179, or 111.90.146[.]237.