The FBI’s cyber alert describes how AVrecon malware is distributed by compromising exposed routers and other devices. It says the resulting infrastructure can be used to support fraud and cybercrime activity, including proxy services.

The FBI issued a cyber alert describing “AVrecon” malware and how it can be deployed by compromising exposed routers and similar network devices. According to the alert, attackers leverage these infected devices to create a proxy-like capability that can help conceal activity and route traffic through residential IPs. The FBI’s briefing focuses on the misuse of this access to enable downstream criminal operations rather than a single scam type. It highlights that AVrecon infections can be repurposed to support multiple fraud pathways, including schemes that rely on the perceived legitimacy of residential connections. The alert also references the broader role that compromised infrastructure plays in cybercrime, where malware placement and device control are used to improve operational effectiveness. The FBI emphasizes the importance of securing perimeter devices and reducing exposure of routers or misconfigured equipment that may be reachable from the public internet. While the alert details the mechanism of proxy abuse, it also points readers toward the variety of frauds that can be enabled once criminals can reliably generate residential-like traffic.