I saw this posted in a Slack I frequent. The security professional who was there pointed out that this is disingenuous FUD from the FBI.
The real headline is “UNPATCHED popular routers targeted by hackers.” See also “Man bites dog.”
The number of home routers that don’t auto-patch themselves but are patched/updated by their users is vanishingly small. For all practical purposes any router on that list is an unpatched router.
Is there a source (or list) for people that don’t have Apple News?
I couldn’t even see the list and I do have Apple News!
BGR doesn’t seem exactly great journalism.
My Linksys Velop auto-patches. Linksys hasn’t released an update since June 2022 (and why do they bury the firmware update in “Connectivity”?).
But I guess that one’s partly on me for not properly researching and rushing out to Best Buy Thanksgiving week 2023 and dropping $200 on what seemed like the best bang for the buck they had in stock after my Netgear mesh stopped working. Should have bit the bullet and gone with Ubiquiti.
(Have we passed the point where I can lament the demise of my WRT-54G?)
The article links to an FBI notice at https://www.fbi.gov/investigate/cyber/alerts/2026/avrecon-malware-infected-routers-exploited-as-residential-proxies-by-socksescort which does have a list of makes and models (@aardy FYI)
It’s also in the linked article (apparently sourced from “The FBI Just Named 18 Popular Routers Targeted By A Massive Malware Operation”) right above the photo of the guy in the hoodie:
The shortlist includes three routers from D-Link (the DIR-818LW, DIR-850L, and DIR-860L), two Netgear models (the DGN2200v4 and AC1900 R7000), four from TP-Link (the Archer C20, TL-WR840N, TL-WR849N, and WR841N), and nine from Zyxel with the following model numbers: EMG6726-B10A, PMG5617GA, VMG1312-B10D, VMG1312-T20B, VMG3925-B10A, VMG3925-B10C, VMG4825-B10A, VMG4927-B50A, and VMG8825-T50K.
Yeah, not every router that auto-patches is “safe”, but if it doesn’t then there’s a very nearly 100% chance that it’s never been patched (yes, I know everyone here does).
BGR (Boy Genius Report) always has had a clickbait habit.