Router malware VPNFilter worse than expected; more brands may be affected
Image: Cisco Talos Security Intelligence and Research Group
Additional research on the router malware VPNFilter has found that it may be more dangerous than previously thought.
An update on the ongoing study of the router malware by Cisco Talos Security Intelligence and Research Group (Talos) found an even bigger threat than previously thought. VPNFilter may also be targeting new router brands in the malware’s continued spread, according to a statement.
The new router brands the researchers found to be vulnerable are ASUS, D-Link, Huawei, Ubiquiti, UPVEL and ZTE. In addition, more device models from Linksys, MikroTik, Netgear and Network Storage Device (NAS) maker TP-Link were found to be vulnerable.
As for VPNFilter, cybersecurity researchers learned that the malware had a module they called “ssler” (pronounced “esler”), which could be used to hijack web traffic as it passes through a router or NAS. After hijacking, VPNFilter injects malicious software to infect more networked devices.
Talos also discovered a module they call “dstr,” or device destruction module. When activated, the dstr module removes all traces of VPNFilter including files needed by a device to operate normally. This basically renders the infected device unusable or “bricked.”
The researchers put together a new list of affected networking devices, which includes models from the new brands being targeted.
In conclusion, Talos researchers and their partner organizations found that VPNFilter could destroy not only a directly targeted device but also any other networking device connected to the initial victim. Attackers could effectively cover their tracks using this method after acquiring the information they needed. /ra
RELATED STORIES:
500,000 internet routers may be infected with destructive malware, experts say
GitLab traffic spikes after news of GitHub purchase by Microsoft
‘Back to the Future’ inspires scientists to make ’flux capacitor’ for quantum computers
