TheMoon malware has infected thousands of ASUS routers, with 6,000 routers compromised in 72 hours for a proxy service. The malware enrolls infected devices into Faceless, a service for anonymizing illicit activities. Around 80% of Faceless bots are in the United States, potentially engaging in criminal activities like password spraying and data exfiltration, especially targeting the financial sector. TheMoon botnet, previously inactive, has resurfaced, infecting over 40,000 routers and IoT devices to power Faceless, a criminal proxy service used for data theft, financial system attacks, and spreading malware like SolarMarker and IcedID.