Hackers, possibly from Russia, have infected more than half a million home and office routers across the globe, with a stealthy and destructive malware which can be employed to collect information, launch attacks on other devices, and eternally tear down the devices with only one command.
Dubbed VPNFilter, this advanced malware can endure a system reboot. The devices which the VVPN filterhas affected include NETGEAR, Linksys, MikroTik, and TP-Link networking devices in small offices and home spaces. IT has also affected QNAP network attached storage equipments.
The Talos research group of Cisco has revealed that this malware has already infected approximately 500,000 routers in over 54 nations including the US. As per the Talos blog, this malware has been targeting Ukrainian routers at an alarming rate.
The chief domain which was used for infecting routers has been seized by the FBI. FBI agents believe that this attack was launched by the Russian government.
How does this malware work?
VPNFilter malware is multi-staged. In the first stage, it gets installed and is employed to maintain a constant existence on the affected equipment. It will download additional modules via command and control server. The second stage consists of the main payload. In the second stage, it has the ability to collect files, execute commands, exfiltrate data, and manage the devices. It also is self-destructive. There are many different modules of stage 3. The third stage modules act like plugins for the second stage.
What does this malware do?
Home routers are an easy target for hackers. They can get easily infected and are often left untreated. Digital attacks are spreading via home routers. Security researchers are issuing warning that a bunch of advanced hackers has gathered a collection of routers infected with malware which might be used as a powerful tool to spread havoc across the world of internet. They might also be used to implode networks around the world.
This sophisticated malware lets the hackers steal the website details and information such as login credentials. It can also make the affected devices unusable. It is a self-destructive malware. Therefore, if the user wants to kill it then it will delete the malicious code along with other applications on the victim’s device.
How to tell if your router is infected?
The manufacturers of home routers produce a huge number of different equipments and they do not bother about updating them. Therefore, routers are left open to attack. Hackers often alter the DNS settings on the network router. People with a sharp-eye might notice if their DNS server is malicious because phishing websites do not have HTTPS encryption.
One of the best ways to determine whether your router has been compromised or not, is to check the DNS settings. Moreover, enable firmware on your device. Make sure that the firmware for your router is latest. It will protect your router from any unpatched flaws.
Norton Security offers high-grade and premium protection for all devices. It has an exhaustive database of all the known viruses and malware, and it keeps updating them in a real-time basis. With Norton antivirus software installed on your device, you can breathe a sigh of relief as you will not have to worry about online threats. To know more, go to Norton.com/setup or www.norton.com/myaccount.