Researchers report about new devastating features of the VPNFilter malware
Two weeks ago reports about VPNFilter malware appeared in the security news. A hazardous botnet operated from Russia aimed at routers and FBI suggested to reboot and update them in order to prevent the attack. We thought that we are safe now too. However, authors of malware had some secrets.
Researchers from Cisco Talos shared new information from the outgoing research. It seems that VPNFilter can affect more different routers. ASUS, D-Link, Huawei, Ubiquiti, UPVEL, and ZTE are not immune to the recent malware. However, more Linksys, MikroTik, TP-Link and Netgear devices are under the target too.
However, a more extensive list of targets is not the only problem. According to the latest information, malware has modules that allow man-in-the-middle attacks. Hence, they can not only inject malicious code into the websites you visit but manipulate the content you see on the web too.
New capabilities of VPNFilter
Previously it was thought that malware is used for taking control over the affected computer, stealing personal information or make the affected device unusable. However, these are not the only activities.
The recent information shows that malware can inject malicious codes or payloads to the web traffic that goes through the compromised router. The “ssler” module (Endpoint exploitation module) also allows changing the content that a user sees. For instance, you might think that you browse through your online bank and see where you have spent the money. But actually, your savings are already transferred to hackers’ account. However, you cannot notice this activity.
Furthermore, malware has a “dstr” or device destruction module. Just like the name suggests, it used for making the affected device unusable:
The dstr modules are used to render an infected device inoperable by deleting files necessary for normal operation. It deletes all files and folders related to its own operation first before deleting the rest of the files on the system, possibly in an attempt to hide its presence during a forensic analysis. [Source: Cisco Talos]
Researchers also give more information about previously discovered packet sniffer module. This feature allows tracking specific information used on industrial control systems that are connected via TP-Link R600 virtual private network. According to Ars Technica, attackers are not interested in obtaining as much information as possible. They are interested in specific details, such as credentials and passwords.
Things to do to protect your router, computer, and privacy
The first reports about VPNFilter warned that around 500,000 home and small company routers might be infected. However, recent information tells that the target field might be expanded up to 200,000 additional routers that are not immune to this cyber threat. There’s no doubt that taking precautions is a must to avoid a destructive cyber attack.
FBI already informed about a necessity to reboot network routers. Meanwhile, manufacturers provided important updates that should protect devices from the cyber attack. Additionally, you should set a strong password and disable remote administration feature. To increase router’s security, you can also run it behind a security firewall. Finally, install firmware and security patches.