We stay on top of updates for our phones and laptops. Some of us even make sure our smartwatches and security cameras are running the latest firmware. But routers often get overlooked. If it's working, we assume it's fine, but that mindset can be risky.
Now, the FBI has issued a warning that cybercriminals are actively exploiting old, unpatched and outdated routers. The alert, released in May 2025, explains how aging network devices with known flaws are being hijacked by malware and used to power anonymous cybercrime operations. A forgotten device in your home can silently become a tool for attackers.
Join the FREE "CyberGuy Report": Get my expert tech tips, critical security alerts and exclusive deals, plus instant access to my free "Ultimate Scam Survival Guide" when you sign up!
The FBI's Internet Crime Complaint Center published a public service announcement on May 7, 2025, cautioning both individuals and organizations that criminals are taking advantage of outdated routers that no longer receive security patches.
Devices manufactured around 2010 or earlier are especially vulnerable, as vendors have long ceased providing firmware updates for them. According to the FBI, such end-of-life routers have been breached by cyber actors using a variant of the "TheMoon" malware, allowing attackers to install proxy services on the devices and conduct illicit activities anonymously.
In essence, home and small-office routers are being quietly conscripted into proxy networks that mask the perpetrators' identities online. The alert notes that through networks like "5socks" and "Anyproxy," criminals have been selling access to the infected routers as proxy nodes. In these schemes, paying customers can route their internet traffic through unwitting victims' routers, obscuring their own location while the victim's device (and IP address) bears the blame.
FBI WARNS ABOUT NEW EXTORTION SCAM TARGETING SENSITIVE DATA
The FBI bulletin even names specific router models as frequent targets, including:
All of these devices are roughly a decade or more old and have known security vulnerabilities that were never patched once support ended. With their firmware updates long discontinued, any still in use are soft targets for attackers.
WHAT EXACTLY IS A DATA BREACH? WHY SHOULD I CARE?
Many recent infections stem from devices with remote administration exposed to the internet. Attackers scan for such routers, exploiting known firmware flaws without needing passwords. A single crafted web request can trick an older device into running malicious code. Once inside, malware often alters settings, opening ports or disabling security features, to maintain control and connect to external command-and-control servers.
One prominent threat is TheMoon, a malware strain first seen in 2014 that exploited flaws in Linksys routers. It has since evolved into a stealthy botnet builder, transforming infected routers into proxy nodes. Instead of launching direct attacks, TheMoon reroutes third-party traffic, masking hackers' identities behind everyday home networks. Cybercrime platforms like Faceless and 5socks sell access to these infected routers as "residential proxies," making them valuable assets in the digital underground.
For users, a compromised router means slower connections, exposure to phishing and spyware, and potential legal trouble if criminals abuse their IP address. For businesses, the risk is even higher: Outdated routers can be exploited for deeper network intrusions, data theft and ransomware attacks. In critical sectors, the consequences can be severe, affecting safety and compliance.
HOW TO REMOVE YOUR PERSONAL INFO FROM PEOPLE-SEARCH SITES
200 MILLION SOCIAL MEDIA RECORDS LEAKED IN MAJOR X DATA BREACH
Given the serious threats posed by outdated and compromised routers, taking proactive measures is essential. Here are six practical steps you can follow to protect your network and keep hackers at bay.
1) Replace your old router if it's no longer supported: If your router is more than five to seven years old, or if you can't find any recent updates for it on the manufacturer's website, it might be time to upgrade. Older routers often stop getting security fixes, which makes them an easy target for hackers. To check, look at the label on your router for the model number, then search online for "[model number] firmware update." If the last update was years ago, consider replacing it with a newer model from a trusted brand.
If you're not sure which router to get, check out my list of top routers for the best security. It includes models with strong security features and compatibility with VPN services.
2) Keep your router's firmware updated: Your router runs software called firmware, which needs to be updated just like your phone or computer. To do this, open a web browser and type your router's IP address (often 192.168.0.1 or 192.168.1.1), then log in using the username and password (usually found on a sticker on the router). Once inside, look for a section called "Firmware Update," "System" or "Administration," and check if an update is available. Apply it if there is one. Some newer routers also have apps that make this even easier.
3) Turn off remote access: Remote access lets you control your router from outside your home network, but it also opens the door for hackers. You can turn this off by logging into your router's settings (using the same steps as above), then finding a setting called "Remote Management," "Remote Access" or "WAN Access." Make sure this feature is disabled, then save the changes and restart your router.
4) Use a strong password for your router settings: Don't leave your router using the default login, like "admin" and "password." That's the first thing hackers try. Change it to a long, strong password with a mix of letters, numbers and symbols. A good example would be something like T#8r2k!sG91xm4vL. Try to avoid using the same password you use elsewhere. You can usually change the login password in the "Administration" or "Security" section of the router settings. Consider using a password manager to generate and store complex passwords. Get more details about my best expert-reviewed password managers of 2025 here.
5) Look out for strange behavior and act quickly: If your internet feels unusually slow, your devices randomly disconnect or your streaming buffers more than usual, it could mean something is wrong. Go into your router settings and check the list of connected devices. If you see something you don't recognize, it could be a sign of a breach. In that case, update the firmware, change your passwords and restart the router. If you're not comfortable doing this yourself, call your internet provider for help.
6) Reporting to authorities: The FBI asks that victims or those who suspect a compromise report incidents to the Internet Crime Complaint Center, which can help authorities track and mitigate broader threats.
SUBSCRIBE TO KURT'S YOUTUBE CHANNEL FOR QUICK VIDEO TIPS ON HOW TO WORK ALL OF YOUR TECH DEVICES
This isn't just about asking everyone to upgrade their old gear. It's about the bigger issue of who's actually responsible when outdated devices turn into security risks. Most people don't think twice about the router sitting in a corner, quietly doing its job years past its prime. But attackers do. They see forgotten hardware as easy targets. The real challenge isn't just technical. It's about how manufacturers, service providers and users all handle the long tail of aging tech that still lives on in the real world.
Should manufacturers be held accountable for keeping routers secure against cyber threats? Let us know by writing us at Cyberguy.com/Contact.
For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter.
Ask Kurt a question or let us know what stories you'd like us to cover.
Follow Kurt on his social channels:
Answers to the most-asked CyberGuy questions:
New from Kurt:
Copyright 2025 CyberGuy.com. All rights reserved.
