Security2 min read
AryStinger botnet compromised over 4,000 D-Link routers worldwide
Tags Infrastructure · Consumer
BleepingComputer·
A previously undocumented botnet named AryStinger has infected more than 4,000 outdated D-Link routers, turning them into SOCKS5 proxies for malicious traffic relay. The botnet targets outdated D-Link router firmware. Remediation requires firmware updates and credential changes on affected devices. Reported by BleepingComputer on June 21, 2026.
Technical significance
The AryStinger botnet highlights the ongoing security risk of consumer and small-business routers that rarely receive firmware updates. With 4,000+ devices compromised, the botnet can serve as a proxy network for credential stuffing, DDoS, and anonymization of malicious traffic.