VPNFilter, the malware discovered last month affecting hundreds of thousands of home and office routers, is way more dangerous than initially thought. It is targeting more vendors and devices, and injecting malicious content into traffic without user’s knowledge.
In last week of May, FBI had warned all the router users to reboot their devices to temporarily disrupt the malware. According to FBI, the malware could collect information that passes through routers, exploit the devices, and block network traffic. Routers from several manufacturers including MikroTik, Netgear, Linksys, and TP-Link were found compromised with the malware.
Fast forward, the researchers at Cisco Talos reported that VPNFilter is affecting more devices than previously thought. It is targeting six additional vendors including ASUS, D-Link, Huawei, Ubiquiti, UPVEL, and ZTE, the researchers said.
If that’s not bad enough, the researchers also claimed that attackers can manipulate internet traffic on the end-devices in several ways. Earlier, only two stages of attack were discovered. Now, the researchers have suspected a stage 3 module that allows attackers to intercept network traffic and inject malicious code into it without letting the users know.
“The technical sophistication of this attack is like nothing we’ve ever seen before. The bad guys continue to innovate and interate using a modular approach. Our research into this shows they can deliver threats to the endpoint and network. Once you can inject code you can quite literally do anything- steal passwords, install software…” said Matt Watchinski, VP, Cisco Talos.
The large enterprise-grade routers, and Cisco routers and switches have not been affected, said researchers.
Also read: Slingshot malware attacking router-connected devices since 2012 without detection
To protect against this malware, researchers suggested the same thing as they did two weeks ago: Unplug the device from network, restore it to original factory settings, and update security patches.