New Malware Exploits Vulnerability in TP-Link Archer AX21 Wi-Fi Routers
A new form of malware called Condi has been discovered that exploits a security vulnerability in TP-Link Archer AX21 (AX1800) Wi-Fi routers, leaving them exposed to distributed denial-of-service (DDoS) botnet attacks. According to Fortinet FortiGuard Labs, the attacks, which are orchestrated by an online user going by the alias zxcr9999 on Telegram, where they also run a channel, have intensified since the end of May 2023.
The TP-Link Archer AX21 Security Vulnerability
The new Condi malware exploits a security flaw in the TP-Link Archer AX21 that enables the botnet operator to execute commands and manipulate the router’s settings. The malware is believed to use an authentication bypass vulnerability, which lets it sidestep the router’s security controls and gain unauthorized access to the device. The botnet operator thereby obtains administrator-level control over the targeted router, making it an easy recruit for a future DDoS attack.
The Rise of Condi Malware
Since the attack began to gain momentum at the end of May 2023, the number of bots in this DDoS botnet has continued to increase. By the end of June 2023, Fortinet FortiGuard Labs estimated that there were up to 10,000 bots. Since then, the number of bots has grown exponentially, with infections reaching numerous global brands and businesses such as Starbucks, Adidas, and Marriott.
Avoiding Condi Malware
To avoid the Condi malware, users should update their TP-Link Archer AX21 router to the newest firmware version available. This closes the vulnerability that Condi uses to infiltrate the device, securing it against any attacker attempting to take advantage of the flaw. Another option is resetting the router to its factory settings, which restores every setting to its default. Finally, it’s important to strengthen the router’s security by setting strong passwords and ensuring the Wi-Fi is encrypted.
Summary
A new form of malware called Condi has been discovered, enabling hackers to target TP-Link Archer AX21 routers and interrupt the connectivity of numerous global brands and businesses. It’s believed that an authentication bypass vulnerability is at the root of the problem, giving these unauthorized persons access to the device’s controls. To avoid these attacks, it’s important to update the firmware or reset the router to its factory settings, as well as setting strong passwords and ensuring the Wi-Fi is encrypted.

Original Article: https://thehackernews.com/2023/06/new-condi-malware-hijacking-tp-link-wi.html