New Mirai Botnet Hits D-Link Routers via RCE Flaw


A new Mirai-based malware campaign is actively exploiting CVE-2025-29635, a high-severity command-injection vulnerability affecting D-Link DIR-823X routers, to enlist devices into the botnet. Learn how to protect your network.

A fresh wave of the infamous Mirai malware is making the rounds, and this time it's targeting older D-Link routers that are no longer supported. If you're still using a D-Link DIR-823X, you need to pay attention.

### What's going on?

Security researchers have spotted a new campaign actively exploiting a vulnerability known as CVE-2025-29635. This is a high-severity command-injection flaw that lets attackers take full control of affected routers. Once they're in, they can add the device to a botnet and use it for all sorts of nasty stuff, like launching DDoS attacks.

![Visual representation of New Mirai Botnet Hits D-Link Routers via RCE Flaw](https://ppiumdjsoymgaodrkgga.supabase.co/storage/v1/object/public/etsygeeks-blog-images/domainblog-ee26f527-746d-4e97-9659-4a18aad5e472-inline-1-1779004918403.webp)

### Why should you care?

Here's the thing: these D-Link DIR-823X routers have reached end-of-life (EOL). That means the manufacturer isn't releasing any more security patches. So if you have one sitting in your home or office, it's basically a sitting duck. Attackers know this, and they're scanning the internet right now looking for vulnerable devices.

### How does the attack work?

The malware exploits a command injection flaw in the router's web interface. Basically, it sends a specially crafted request that tricks the router into running malicious code. Once that code runs, the device is compromised and joins the Mirai botnet. From there, it can be used to attack other systems or even spread to other devices on your network.

### What can you do about it?

- **Check your router model.** If you have a D-Link DIR-823X, it's time to replace it. There's no patch coming.
- **Upgrade to a supported model.** Look for a router that still receives security updates. It's worth the investment.
- **Change default credentials.** If you haven't already, change the admin username and password to something strong and unique.
- **Disable remote management.** Unless you absolutely need it, turn off remote access to your router's admin panel.
- **Monitor your network.** Keep an eye out for unusual traffic or devices acting strangely.

> "The best defense against EOL devices is to retire them before they become a liability." — Michael Miller, Lead Antidetect Browser Strategist & Architect

### The bigger picture

This isn't just about D-Link routers. It's a reminder that any device connected to the internet can be a target, especially if it's old and unpatched. The Mirai botnet has been around for years, but it keeps evolving. New variants pop up all the time, and they're getting smarter about finding vulnerable devices.

If you're in the antidetect browser space or just care about online privacy, this is a wake-up call. Your network is only as secure as its weakest link. And sometimes that weakest link is a dusty old router you forgot about.

### Final thoughts

Don't wait until your router gets hijacked. Take action now. Replace that old D-Link, secure your network, and stay informed about the latest threats. It's a small step that can save you a lot of headaches down the road. Stay safe out there.