HackRead

VPNFilter malware caught infecting Asus, D-Link, Huawei, ZTE & others

June 7th, 2018 | Waqas | Security, Malware

VPNFilter malware is back and it seems like rebooting your routers will not protect them against this growing threat.

VPNFilter malware was discovered by Cisco Talos, but it drew more attention a couple of weeks ago when the FBI seized a domain hosting a botnet of 500,000 hacked IoT devices, including network-attached storage (NAS) devices and small office/home office (SOHO) routers, in at least 54 countries.

The seized domain created the botnet with the help of VPNFilter malware, which the FBI believes is linked to highly sophisticated and well-funded Russian hackers. Later on, the Bureau shared a list of compromised router models and urged users around the world to reboot their routers to get rid of VPNFilter malware.

However, it has now come to light that the VPNFilter malware infection is far more dangerous than previously thought. According to the latest findings by Cisco Talos, the list of devices targeted by VPNFilter is growing, which is not good news.

The latest research reveals that the malware is now targeting routers made by manufacturers such as ASUS, D-Link, Huawei, UPVEL, Ubiquiti, and ZTE. The researchers have also identified additional capabilities in VPNFilter, including the ability to deliver exploits to endpoints and override reboots.

See: Authorities dismantle Andromeda Botnet that infected millions of devices

Furthermore, Talos researchers have also found “ssler,” a three-stage module that exploits web traffic to inject malicious content as it passes through a network device. This allows attackers to deliver exploits to endpoints via a man-in-the-middle capability. All this is done without the victim’s knowledge.

“With this new finding, we can confirm that the threat goes beyond what the actor could do on the network device itself, and extends the threat into the networks that a compromised network device supports,” said the blog post.

This also indicates that rebooting routers is practically useless and does not protect targeted routers from VPNFilter malware. Additionally, researchers have identified that the malware is also equipped with “dstr” (device destruction module) which is “used to render an infected device inoperable by deleting files necessary for normal operation,” wrote researchers.

“It deletes all files and folders related to its own operation first before deleting the rest of the files on the system, possibly in an attempt to hide its presence during a forensic analysis.”

List of newly identified router models targeted by VPNFilter malware

Asus: RT-AC66U, RT-N10, RT-N10E, RT-N10U, RT-N56U, and RT-N66U.
D-Link: DES-1210-08P, DIR-300, DIR-300A, DSR-250N, DSR-500N, DSR-1000, and DSR-1000N.
Huawei: HG8245.
Linksys: E1200, E2500, E3000, E3200, E4200, RV082, and WRVS4400N.
Mikrotik: CCR1009, CCR1016, CCR1036, CCR1072, CRS109, CRS112, CRS125, RB411, RB450, RB750, RB911, RB921, RB941, RB951, RB952, RB960, RB962, RB1100, RB1200, RB2011, RB3011, RB Groove, RB Omnitik, and STX5.
Netgear: DG834, DGN1000, DGN2200, DGN3500, FVS318N, MBRN3000, R6400, R7000, R8000, WNR1000, WNR2000, WNR2200, WNR4000, WNDR3700, WNDR4000, WNDR4300, WNDR4300-TN, and UTM50.
QNAP: TS251, TS439 Pro, and other QNAP NAS devices running QTS software.
TP-Link: R600VPN, TL-WR741ND, and TL-WR841N.
Ubiquiti: NSM2 and PBE M5.
ZTE: ZXHN H108N.

“These new discoveries have shown us that the threat from VPNFilter malware continues to grow. In addition to the broader threat surface found with additional targeted devices and vendors, the discovery of the malware’s capability to support the exploitation of endpoint devices expands the scope of this threat beyond the devices themselves, and into the networks those devices support,” concluded researchers.

“If successful, the actor would be able to deploy any desired additional capability into the environment to support their goals, including rootkits, exfiltration capability, and destructive malware.” 

See: New IoT Botnet DoubleDoor Bypass Firewall to Drop Backdoor

Image credit: Depositphotos
