VPNFilter Router Malware Still Wreaking Havoc Worldwide Infecting New Devices

Donna Miller
June 9, 2018

That's a risky new capability as it means the malware can attempt an exploit without a user having to visit a compromised site, click a link or open a malicious email attachment, according to Mounir Hahad, head of Juniper Threat Labs.

VPNFilter malware has affected more than 500,000 routers. How is that even possible? VPNFilter does not just make devices unusable; it can also bypass SSL encryption on the web, lifting sensitive data from unsuspecting users.

Cisco Talos researcher Craig Williams explains the potential dangers of the new capability to Ars Technica, giving an example of a situation that users might find themselves in. "But it appears [attackers] have completely evolved past that, and now not only does it allow them to do that, but they can manipulate everything going through the compromised device". However, the botnet can not only affect incoming and outgoing data but also modify bank account balances after stealing your money, so as not to raise suspicion, or even steal PGP keys.

VPNFilter, a destructive form of malware that targets routers and was first discovered in May, is far worse than initially thought, shaping up to be potentially this year's largest coordinated attack, according to a new report. "They can manipulate everything going in and out of the device". Despite the command and control unit being shut down by the Federal Bureau of Investigation weeks ago, the malware is already out in the open and attackers can use it to target users across the globe. They're after certain very small things like credentials and passwords. They're not trying to gather as much traffic as they can.

"The technical sophistication of this attack is like nothing we've ever seen before".


But wait, there's more.

Getting rid of VPNFilter isn't an easy task.

And if that's not enough, researchers discovered an additional stage 3 module that gives any stage 2 module lacking a kill command the capability to disable the device. Williams said he has seen no evidence VPNFilter has infected devices running Tomato, Merlin WRT, and DD-WRT firmware, but that he can't rule out that possibility.

While VPNFilter is mostly targeting routers in Ukraine, suggesting a political motivation, it's strongly recommended that all owners of the affected routers update their firmware or perform a factory reset.

"At this point, it is important for people who had routers in the list of affected devices to make sure they have an updated anti-virus software running on their endpoints".
