Over Half a Million Routers Infected by Destructive VPNFilter Malware


Kaspersky Labs recently discovered a new Android malware called ‘Roaming Mantis’, which tricked users into accessing malicious websites by gaining access to their Wi-Fi routers to steal their login credentials. Security researchers have now discovered new malware that has affected over half a million networking devices across the world and can be used for data theft and widespread network attacks, and can even make the networking device unusable.

Discovered by the threat intelligence group Cisco Talos, the new malware is called ‘VPNFilter’. So far, the malware is known to have affected over 500,000 small and home office (SOHO) routers and QNAP network-attached storage (NAS) devices in 54 countries since it was spotted for the first time in 2016.

[Image: Over Half a Million Routers Worldwide Infected by Destructive VPNFilter Malware. Image courtesy: Cisco Talos]

VPNFilter is a multi-stage, modular malware platform which has the potential to intercept and collect data flowing through a network, launch destructive cyber attacks and destroy networking hardware. According to Cisco Talos experts, the malware is known to have infected Linksys, MikroTik, NETGEAR and TP-Link networking equipment, allowing malicious parties to steal website credentials, monitor SCADA protocols, etc. Moreover, the malware can also be used to render networking devices permanently unusable by issuing a ‘kill command’, and to cut off internet access for thousands of victims worldwide.

The malware exists in three stages, and worryingly, the stage 1 malware cannot be destroyed by rebooting the networking device to factory settings, while stage 2 and stage 3 can be eliminated by the reboot process. Security experts pointed out that the VPNFilter malware attack appears to be state-sponsored and might have been launched by a state-affiliated entity, a suspicion which has now turned out to be true.

According to a report from TBD, the FBI has seized control of a key server run by the Russian government, which was allegedly used to infect networking devices with the VPNFilter malware across the world.

VIA Ars Technica
SOURCE Talos Intelligence