The router sitting in your home office or small business did not need to be hacked by a skilled operator to end up serving as infrastructure for banking fraud, password attacks, and digital marketplace scams. All it needed was an unpatched vulnerability and a malware dubbed "AVrecon" to infect and sell access to it within minutes.

Last month, FBI alongside several international law enforcement agencies took down SocksEscort residential proxy service. In a follow-up of that investigation, the agency has found a malware called AVrecon, that was used in the targeting of scores of network devices worldwide. How AVrecon Works

AVrecon spreads by scanning the internet for devices with exposed...