AmbiguousProps

  • From the article:

    The only way for router users to determine whether their devices are infected is by checking the SSH settings in the configuration panel. Infected routers will show that the device can be logged into by SSH over port 53282 using a digital certificate with a truncated key of

    ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAo41nBoVFfj4HlVMGV+YPsxMDrMlbdDZ…

    To remove the backdoor, infected users should remove the key and the port setting.

    People can also determine if they’ve been targeted if system logs indicate that they have been accessed through the IP addresses 101.99.91[.]151, 101.99.94[.]173, 79.141.163[.]179, or 111.90.146[.]237.
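
The checks quoted above, as an added example that is not part of the comment or the article: it looks for the listed addresses in exported system logs and flags the SSH port and key prefix. The log format, sample lines, function names and the placeholder key remainder are assumptions constructed for illustration.

```python
import re

# Indicators exactly as quoted in the comment (addresses defanged, key truncated).
DEFANGED_IPS = ["101.99.91[.]151", "101.99.94[.]173",
                "79.141.163[.]179", "111.90.146[.]237"]
BACKDOOR_PORT = 53282
KEY_PREFIX = "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAo41nBoVFfj4HlVMGV+YPsxMDrMlbdDZ"

IOC_IPS = {ip.replace("[.]", ".") for ip in DEFANGED_IPS}
# Whole dotted quads only, so 179.141.163.179 does not match 79.141.163.179.
IPV4_RE = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?!\d|\.\d)")


def scan_logs(lines):
    """Return (line_number, address) for every log line naming a listed address."""
    return [(n, ip) for n, line in enumerate(lines, 1)
            for ip in IPV4_RE.findall(line) if ip in IOC_IPS]


def check_ssh_settings(port, authorized_keys):
    """Return findings for the SSH port and for keys starting with the quoted prefix."""
    findings = []
    if int(port) == BACKDOOR_PORT:
        findings.append("ssh-port-53282")
    for key in authorized_keys:
        # Collapse whitespace so copy/paste spacing does not hide a match.
        if " ".join(key.split()).startswith(KEY_PREFIX):
            findings.append("key-matches-quoted-prefix")
    return findings


# Constructed sample input; the log format and hostnames are assumptions.
SAMPLE_LOG = [
    "May  3 02:11:07 router sshd: login from 192.0.2.10 port 40022",
    "May  3 02:14:55 router sshd: login from 79.141.163.179 port 51544",
    "May  3 02:15:01 router sshd: login from 179.141.163.179 port 51544",
    "May  3 02:20:13 router httpd: request from 101.99.91.151:44310",
]
SAMPLE_KEYS = [KEY_PREFIX + "<remainder-not-on-page>",
               "ssh-ed25519 AAAA<constructed> admin@example"]

if __name__ == "__main__":
    for n, ip in scan_logs(SAMPLE_LOG):
        print(f"log line {n}: contact from listed address {ip}")
    for finding in check_ssh_settings(53282, SAMPLE_KEYS):
        print("ssh setting:", finding)
```

A prefix match on the key is only as strong as the truncated value quoted above, so treat it as a prompt to inspect the full entry in the configuration panel.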