In recent weeks, attacks have been mounted on Linksys and Asus routers via loopholes that thieves could exploit.
In Poland, reports suggest one gang has successfully adjusted router settings in a bid to steal cash.
A separate study found many of the routers sold online have bugs that attackers could easily exploit.
This week the Internet Storm Center (ISC) warned about a continuing attempt to exploit a vulnerability in 23 separate models of Linksys routers.
The virus, a self-replicating program or worm called The Moon, takes control of the router and then uses it to scan for other vulnerable systems.
So far, wrote ISC researcher Johannes Ullrich, it is not clear why the routers are being compromised and what might be done with them. There are hints in the exploit code that the routers will at some point be gathered together into a network of compromised machines, he said in a blogpost. Currently, he added, all the worm was doing was spreading to other Linksys routers.Benevolent hacking
In a statement, Linksys said it was aware of the Moon malware and said it took hold on hardware only if a Remote Management Access feature was turned on. Turning the router off and disabling the remote management system should clear out the worm, it added.
Linksys has also published technical advice about how to update the core software for vulnerable routers and how to turn off the remote management feature.Polish cyberthieves targeted home routers to aid bank thefts
Earlier this month, many users of Asus routers who remotely connect via the gadget to hard drives in their homes, perhaps to watch DVDs they have ripped, found that someone had used the same feature to upload a text file urging them to do more to make the device safe.
The letter is thought to have been left on the hard drives by benevolent hackers who exploited a loophole on the Asus routers first discovered in mid-2013. Ten separate models of Asus router are believed to be vulnerable to the same exploit.
Asus released a software update last week to close the loophole.
The two incidents come soon after Poland's Computer Emergency Response Team reported a large-scale attack on home routers by thieves seeking log-in names and passwords for online bank accounts. That attack infected vulnerable routers with software that snooped on traffic before passing it on to the bank sites people were trying to reach.
A separate study by security firm Tripwire has found that 80% of the 25 best-selling routers available on Amazon are vulnerable to compromise.
Security researcher Craig Young from Tripwire said exploits had been publicly discussed and published for more than one-third of these devices.
The past 12 months have seen a flurry of interest in routers by security researchers keen to find bugs and loopholes. One project detailing their findings now lists hundreds of exploits for routers from 36 separate manufacturers.
"In recent years, the computing power of the average home router has increased substantially to support features like streaming media and file or print sharing," said Mr Young. "These additional features offer new attack surface while the additional computing power creates new possibilities for what an attacker can do with a compromised device."