VPNFilter Is A Lot Worse Than Previously Thought: How To Protect Yourself From The Russian Router Malware

Vincent Lanaria, Tech Times 07 June 2018, 12:06 am

Recently, security experts warned that Russian hackers have infected over 500,000 consumer routers in 54 countries with malware called VPNFilter.

However, new findings say that the situation is much worse, as the malware in question is more harmful and capable of infecting more router models than first thought.

The Problem Grows

The initial report stated that Linksys, MikroTik, Netgear, and TP-Link are vulnerable to VPNFilter, and according to Cisco Talos, the list has now expanded to include more models from the four aforementioned manufacturers, as well as products from Asus D-Link, Huawei, Ubiquiti, UPVEL, and ZTE.

As for the malware itself, one of the new capabilities the company has determined is a man-in-the-middle attack.

"We have also discovered a new stage 3 module that injects malicious content into web traffic as it passes through a network device ... The new module allows the actor to deliver exploits to endpoints via a man-in-the-middle capability (e.g. they can intercept network traffic and inject malicious code into it without the user's knowledge)."

Cisco Talos researcher Craig Williams explains the potential dangers of the new capability to Ars Technica, giving an example of a situation that users might find themselves in.

"[T]hey can manipulate everything going through the compromised device. They can modify your bank account balance so that it looks normal while at the same time they're siphoning off money and potentially PGP keys and things like that. They can manipulate everything going in and out of the device."

The firm also uncovered a stage 3 module that can give stage 2 modules that don't have the kill command the ability to disable a device.

"When executed, this module specifically removes traces of the VPNFilter malware from the device and then renders the device unusable."

Best Measure To Take

The best way to steer clear of the malware is to update routers to their latest firmware versions and do a factory reset.

It's recommended to write down Wi-Fi network names and their passwords and reuse them after the reset so that devices that used to connect to the router can reconnect without any hassle.

Now resetting and updating routers depend on their brands. As such, there's no one guide that covers all of them. However, instructions on how to perform resets and updates can typically be found on manufacturers' support pages.

The Bottom Line

To recap, the VPNFilter malware can affect more routers from more brands than originally believed. As a result, more users are at risk of being targeted by Russian hackers. This means that more people will have to install the latest firmware updates and perform a factory reset on their routers.