An odd botnet has been spotted targeting Fiberhome routers, in a quest to add 200 of them per day to its botnet web. 360 Netlab researchers observed a previously unknown malware strain called Gwmndy infecting the targets. The only purpose of the botnet is to set up the routers to be SSH tunneling proxy nodes, the researchers said. There were 431 MAC addresses and 422 IP addresses recorded, located mainly in the Philippines and Thailand indicating a highly targeted campaign.
Source: https://threatpost.com/gwmndy-botnet-proxy-connections/146963/