InfoSecBulletin Cybersecurity for mankind
A new malware campaign is targeting various network devices, including routers from DrayTek, TP-Link, Raisecom, and Cisco. In July 2025, researchers found a stealthy loader spreading by taking advantage of unauthenticated command injection flaws in embedded web services.
Compromise starts with simple HTTP requests that deliver a specific downloader script for each product. When run, these scripts download and execute the main payload, allowing attackers to control vulnerable systems globally.
India’s Tata Electronics hit by cyber breach: Hacker target 630 GB record
Anthropic’s Mythos reportedly broke NSA classified systems in hours
OpenAI New Method “Deployment Simulation” Predicts AI Risks Before Deployment
AryStinger botnet infected thousands of D-Link routers globally
Hacker suspected of sending alerts across Brazil
CyberSentinel AI features 33 security tools like Nmap, SQLMap, and ZAP, utilizing Claude and GPT
Barracuda hosts Dhaka roundtable on cyber resilience
CISA Alerts Fortinet Users as FortiBleed Affects 86,644 FortiGate Devices
CISA: Splunk flaw under active exploit, patch by Sunday
Texas data breach exposes 3 million driver’s licenses
The malware named “Gayfemboy” has emerged, improving upon the notorious Mirai botnet with better stealth and modular features. The infrastructure connects to a stable download host at 220.158.234.135, while the attack comes from 87.121.84.34.
Payloads are disguised as harmless files with names like “aalel” for AArch and “xale” for x86-64 to avoid detection. After the initial download, the malware creates persistence by using UPX packing with a changed magic header to bypass automated unpackers.
Fortinet analysts observed that Gayfemboy campaign operates in various countries like Brazil, Mexico, the United States, Germany, France, Switzerland, Israel, and Vietnam, targeting sectors including Manufacturing, Technology, Construction, and Media.
Attackers use HTTP and TFTP transport methods based on device capabilities, achieving high success rates even in low connectivity environments.
Affected Platforms:
DrayTek Vigor2960 1.3.1_Beta, DrayTek Vigor3900 1.4.4_Beta, DrayTek Vigor300B 1.3.3_Beta, DrayTek Vigor300B 1.4.2.1_Beta, DrayTek Vigor300B 1.4.4_Beta, TP-Link Archer AX21 (AX1800) firmware versions before 1.1.4 Build 20230219, Raisecom MSG1200, Raisecom MSG2100E, Raisecom MSG2200, Raisecom MSG2300 3.90, Cisco ISE, Cisco ISE-PIC
South Asian APT to Compromise Phones of Military-linked Individuals In Bangladesh
