AVrecon (Malware Family)

AVrecon

AVrecon is a Linux-based Remote Access Trojan (RAT) targeting small-office/home-office (SOHO) routers and other ARM-embedded devices. The malware is distributed via exploitation of unpatched vulnerabilities or common misconfiguration of the targeted devices. Once deployed, AVreckon will collect some information about the infected device, open a session to pre-configured C&C server, and spawn a remote shell for command execution. It might also download additional arbitrary files and run them. The malware has recently been used in campaigns aimed at ad-fraud activities, password spraying and data exfiltration.

References

2023-07-27 ⋅ X (@BlackLotusLabs) ⋅ Black Lotus Labs
Tweet on update on AVrecon bot's migration to new infrastructure
AVrecon

2023-07-26 ⋅ SPUR ⋅ Riley Kilmer
Christmas in July: A finely wrapped Malware Proxy Service
AVrecon

2023-07-25 ⋅ KrebsOnSecurity ⋅ Brian Krebs
Who and What is Behind the Malware Proxy Service SocksEscort?
AVrecon

2023-07-12 ⋅ Lumen ⋅ Black Lotus Labs
Routers From The Underground: Exposing AVrecon
AVrecon

There is no Yara-Signature yet.

AVrecon Propose Change

References

AVrecon