FBI Alert: Your Router May Be Aiding Cybercrime

FBI seal overlaid on an American flag background — HUGE FBI WARNING

Your home Wi-Fi router could be secretly working for cybercriminals right now, and your antivirus software has no clue it’s happening.

Story Snapshot

FBI issues urgent warning about 13 end-of-life Linksys router models vulnerable to undetectable malware attacks
Cybercriminals exploit outdated routers to install TheMoon malware, converting home networks into criminal proxy servers without owners’ knowledge
Infected routers operate invisibly at the firmware level, evading all traditional antivirus and security software detection
FBI recommends immediate replacement of affected models as no patches exist for discontinued devices

FBI Warns of Invisible Threat in Millions of Homes

The FBI released a public service announcement in February 2026 identifying 13 specific Linksys router models that cybercriminals actively exploit through unpatched security vulnerabilities. These end-of-life devices, manufactured between 2009 and 2011, include popular models like the WRT320N, E1200, E2500, E4200, and M10.

The bureau’s warning emphasizes that traditional security software cannot detect these attacks because the malware operates within the router’s firmware itself, not on connected computers or phones. This represents a fundamental security gap that most Americans don’t realize exists in their homes.

The FBI Says These Wi-Fi Routers Are Unsafe, And Here's Why https://t.co/RrPY0YkH41 #news

— Technology News (@15MinuteNewsTec) February 23, 2026

How Criminals Turn Your Router Against You

Threat actors scan the internet for routers with exposed remote administration features, a convenience option that allows configuration from anywhere online. Once identified, attackers exploit known flaws to gain root access and install variants of TheMoon malware, which has plagued vulnerable routers since 2014.

The compromised devices then communicate with command-and-control servers approximately every 60 seconds, receiving instructions to operate as anonymous proxy servers. Cybercriminals rent these hijacked networks to other criminals who use them to mask illegal activities, potentially making innocent homeowners appear responsible for crimes they didn’t commit.

Manufacturers Abandon Consumers with No Recourse

Linksys discontinued support for these models over a decade ago, leaving millions of devices permanently vulnerable with no possibility of security patches. This practice of abandoning products after just a few years exemplifies corporate irresponsibility that leaves everyday Americans holding the bag.

The FBI confirms no mitigation strategy exists beyond complete replacement, forcing consumers to spend $50 to $200 on new equipment because manufacturers prioritized profits over customer security. This situation highlights how big tech companies design products with built-in obsolescence, creating recurring revenue streams while exposing families to serious cyber threats.

Protecting Your Home Network from Government-Confirmed Threats

The FBI’s explicit recommendation is immediate replacement of any affected Linksys model, with the added directive to disable remote administration features on all new routers. This advisory carries weight precisely because the threat is both undetectable and actively exploited, not theoretical.

Affected models include WRT310N, WRT320N, WRT330N, WRT54G2, WRT54GS, WRT610N, E1000, E1200, E2500, E3200, E4200, M10, and M20.

Homeowners should take this threat seriously—the government issued the warning, but protecting your family’s digital security remains your responsibility. Upgrading to a currently-supported router with modern security features provides the only genuine protection against this firmware-level exploitation.