Updated to include comments from Ubiquiti.
Dyre/Dyreza has gotten some attention this week in relation to targeting banks. After tracking Dridex and other associated banking Trojans, I've researched parts of the command and control infrastructure that is abused by Dyre/Dyreza.
Dridex uses compromised sites for payload delivery, and Upatre and Emotet do similar things; Dyre/Dyreza is using compromised routers.
The Dyre/Dyreza samples I analysed seek, upon infection, to communicate with a lot of compromised AirOS routers within the botnet.
Not only AirOS is affected by Dyre/Dyreza.
Recently, I recall reading on Krebs' blog that Lizard Squad's DDoS platform ran using backdoors on compromised routers. Whether this vector uses brute-forcing of potentially weak usernames and passwords in the same way Lizard Squad did, or a backdoor that ships with the routers for firmware upgrades, remains to be seen.
Comments from Brian Krebs here
Ubiquiti gave the following statement
Admitting it previously shipped with RM disabled and then enabling it as a result of feedback seems strange. The threat it poses far outweighs the benefits of enabling it.