A piece of malware believed to originate from Russia that began doing the rounds two weeks ago is affecting far more routers than we first learned.
Researchers from Cisco previously noted that the malware, dubbed VPNFilter, infected more than 500,000 routers in over 50 countries and is capable of rendering them unusable. They’ve now found that this malware could also bypass SSL encryption, inject more malicious code into incoming traffic, and steal sensitive data like passwords.
Cisco Talos has an updated list of the affected devices, which include routers from ASUS, D-Link, Huawei, Linksys, MikroTik, Netgear, QNAP, TP-Link, Ubiquiti, Upvel, and ZTE.
Symantec noted that VPNFilter appears to be targeting routers located in Ukraine for some reason; however, there’s a small chance that your device might have come under fire even if you’re located elsewhere in the world.
If your router is on the list and you believe it may be infected, Symantec recommends rebooting it right away to prevent the malware from bricking your router.
However, a reboot might still leave behind a module of VPNFilter that can reinstall the remaining stages and attack your device.
So, at this point, you can either apply a firmware patch (if available) from your router maker, or perform a hard reset that will restore your router’s factory settings. You’ll want to back up your configuration settings and credentials before doing so, as those will be wiped in this process.
As Engadget notes, the threat of VPNFilter continues to loom large because the attackers could set up a new domain to infect more devices, and because many companies are slow to update their firmware. Hopefully, affected customers will act quickly enough to stop VPNFilter in its tracks before it does any real damage.