The Federal Bureau of Investigation (FBI) is warning everyone about the dangerous new Russian malware, called VPNFilter, which is estimated to affect 500,000 to 1,000,000 routers in different 54 countries.
They have also advised all small office and home router owners to reboot their routers to prevent the spread of the malware. So, what is it exactly and what you can do to protect yourself from it? Read on for more.
What Is VPNFilter?
VPNFilter is a piece of sophisticated malware that targets consumer-grade routers and network-attached (NAS) devices. It’s highly advanced, multi-functional, and unlike most router-based malware, can survive regular reboots.
The malware infects devices by using their default credentials or exploiting vulnerabilities and has a range of capabilities, including spying on the traffic flowing through the device. It also has the ability to render the affected device useless!
What Does It Do?
Once the VPNFilter malware creeps into your router, it installs itself in three stages:
Stage 1: In the first stage, the malware sets itself up in a way that allows it to persist on the infected router even if the user turns it off.
Stage 2: The second stage has main payload and is capable of device management, file collection, data exfiltration, and command execution. It can also “brick” the device by overwriting a part of the firmware and rebooting the device.
Stage 3: The third stage serve as plugins for the second stage and provide additional functionality, allowing the attackers to sniff the packets passing through the router and communicate over Tor. A newly discovered module also gives them the ability to snoop on your traffic and tamper with it to execute man-in-the-middle attacks.
Which Devices Can Be Affected?
Here’s a list of routers that are known to be potentially targeted by the VPNFilter malware. We’ll be updating it as soon as we learn more.
- RB Groove
- RB Omnitik
- Mikrotik RouterOS versions up to 6.38.5 on current or 6.37.5 on bugfix release chains
- TS439 Pro
- Other QNAP NAS devices running QTS software
- PBE M5
- ZXHN H108N
- Unknown models
How to Protect Yourself?
Now that you know what VPNFilter malware is and how it can affect you, here are some simple measures to protect your Internet router:
- Update Your Router Firmware: Device manufacturers are already working on rolling out patches that will protect users against the threat posed by the VPNFilter malware. Therefore, make sure you install the updates as soon as they’re made available.
- Factory Reset Your Router: According to Symantec and Cisco, doing a factory reset should remove the malware from the affected device. However, this will also reset your router to its original settings. It’s recommended that you change the device’s default settings immediately to prevent the possibility of reinfection.
- Change Your Router Passwords: Since the malware infects devices by using their default credentials, it only makes sense to set a stronger password – it should be at least 12 characters in length.
- Install PureVPN on your Router: Yup, that’s right. PureVPN will not only encrypt all your data, making it impossible for anyone to read it, but also help stop the malware dead in its track.
Wrapping Things Up
We’ll be updating this article as we learn more about the VPNFilter malware. For now, protect yourself with the steps we’ve mentioned above and stop your router from becoming the part of a dangerous botnet!