VPNFilter malware was part of a nasty botnet that infected over half a million devices in over 54 countries.
Last Wednesday, the US Justice Department revealed how the FBI seized a domain that was hosting a botnet of 500,000 compromised small office and home office (SOHO) routers and network-attached storage (NAS) devices in over 54 countries. These devices were developed by Linksys, TP-Link, MikroTik, and NETGEAR.
The department further stated that the domain ToKnowAll.com was being operated by a state-sponsored hacking group from Russia known as Fancy Bear, which was using highly advanced and sophisticated malware in its campaign. The malware was dubbed VPNFilter.
Reboot your routers – Get rid of VPNFilter
The FBI, meanwhile, vowed to capture the Internet Protocol (IP) addresses of infected devices to alert targeted users. Today, in a statement, the FBI urged owners of small office and home office (SOHO) routers to reboot their devices to flush out VPNFilter.
“The FBI recommends any owner of small office and home office routers power cycle (reboot) the devices,” said the FBI. “VPNFilter is able to render small office and home office routers inoperable. The malware can potentially also collect information passing through the router.”
VPNFilter is a nasty malware
Simply put: all you have to do is reboot your router to get rid of the malware, which not only spies on users but also steals credentials from Internet traffic. According to IT security researchers at Cisco:
“VPNFilter is an expansive, robust, highly capable, and dangerous threat that targets devices that are challenging to defend. Its highly modular framework allows for rapid changes to the actor’s operational infrastructure, serving their goals of misattribution, intelligence collection, and finding a platform to conduct attacks.”
List of router models infected with VPNFilter
The malware infected over half a million devices around the world in over 54 countries; however, its prime target was Ukraine. Here is a list of router models infected with VPNFilter malware.
- Linksys E1200
- Linksys E2500
- Linksys WRVS4400N
- Netgear DGN2200
- Netgear R6400
- Netgear R7000
- Netgear R8000
- Netgear WNR1000
- Netgear WNR2000
- QNAP TS251
- QNAP TS439 Pro
- TP-Link R600VPN
The FBI is also advising users to change their router’s login credentials, keep an eye on Internet traffic, update the router to the latest available firmware version, and disable remote management settings on their devices.
Additionally, users can visit QNAP’s security advisory to follow recommendations to avoid possible exploits. Stay safe online.