Ars TechnicaMay 28
Thousands of Asus routers are being hit with stealthy, persistent backdoors
Backdoor giving full administrative control can survive reboots and firmware updates.
https://arstechnica.com/security/2025/05/thousands-of-asus-routers-are-being-hit-with-stealthy-persistent-backdoors/?utm_brand=arstechnica&utm_social-type=owned&utm_source=mastodon&utm_medium=social
Show threadvax_May 29
They give us no choice but to flash #OpenWRT
Show threadFKA ZOGMay 29

@vax_ unfortunately https://forum.openwrt.org/t/openwrt-and-asus-ax55/160226

Asus AX55 not supported, but the RT-AC3100, RT-AC3200 are.

OpenWRT and ASUS AX55

I want to know if there will ever be support for this router? (ASUS AX55) Want to use it for WireGuard

OpenWrt Forum
Show threadvax_

@zog

I didn't actually read the article, are these the specific models that the backdoor was found? Although even if they are, it's definitely not the first case that was found in the routers space.In fact, in general, these are so common at the routers space that I'd recommend anyone who buys a new router to choose one that supports OpenWRT.

Unfortunately people don't even know about these things and they think router just works, like a fridge or a laundry machine for example.. That's why so many people uses VERY outdated routers. We are indeed in a very problematic situation and basically the only solution is OpenWRT.

May 30 at 6:01amWeb
Show threadFKA ZOGMay 30

@vax_ I concur 100%

Reading about it's hard to find a definitive list of affected routers but this link mentions the 3 I mentioned: https://www.bleepingcomputer.com/news/security/botnet-hacks-9-000-plus-asus-routers-to-add-persistent-ssh-backdoor/

I'm even recommending people get ones from GL-INET which supports #OpenWRT out of the box - although I still prefer to install the stock OpenWRT from the OpenWRT site on GL-INET devices instead of the slightly "slick UI" version of OpenWRT that GL-INET provide with the device.

In another post I just purchased an #OpenWRTOne to check it out - since I'm all sorted at home with my #VyOS firewall and #Unifi wifi I'm going to upgrade my mum's home internet with the OpenWRT One 🙂

edit: add GL-INET link https://www.gl-inet.com/support/firmware-versions/

Botnet hacks 9,000+ ASUS routers to add persistent SSH backdoor

Over 9,000 ASUS routers are compromised by a novel botnet dubbed "AyySSHush" that was also observed targeting SOHO routers from Cisco, D-Link, and Linksys.

BleepingComputer