500,000 router devices affected so far by VPNFilter Malware

Due to a VPNFilter Malware, the FBI had advised rebooting the router to destroy a malicious virus two weeks ago. But, the virus remained unaffected and have spread over various devices in more than 54 countries.

The VPNFilter Malware has affected over 500,000 routers so far. It has proved to be far more deadly than intended. Cisco Talos, a leading-edge cyber threat intelligence, stated in a report that the virus is showing more capabilities and is badly affecting more devices. It can auto-transform further viruses to other devices and can also leak private data of a common man which can be easily misused.

Talos further explained the malware by reporting in their blog:

One significant discovery is the “ssler” (pronounced Esler) — a module that lets hackers intercept traffic passing through the compromised device or router

The FBI had intended to destroy the malware with the public’s help; it would have been destroyed if everyone rebooted their routers. But it seems as if either not everyone did as they were told, or the malware has proved to be stronger than anticipated, which in both cases have become a huge problem as the virus is spreading uncontrollably.

Talos senior Craig Williams stated in an interview with Ars Technica that:

I’m concerned that the FBI gave people a false sense of security. VPNFilter is still operational. It infects even more devices than we initially thought, and its capabilities are far in excess of what we initially thought. People need to get it off their network.

The devices affected by the virus are:

1. ASUS
2. D-Link
3. Huawei
4. Ubiquiti
5. UPVEL
6. ZTE

According to Talos, the newly affected devices are:

1. MikroTik
2. Netgear
3. TP-Link
4. Linksy

The FBI, however, is still trying their best to resolve the matter with cyber threat intelligence company, Cisco Talos. The Hacker News explains the botnet’s working:

Stage 1 of the malware can survive a reboot, gaining a persistent foothold on the infected device and enabling the deployment of stages 2 and 3 malware. So, each time an infected device is restarted, stages 2 and 3 are re-installed on the device.

This shows that rebooting a router is not going to make matters simpler. Contacting the manufacturing company is probably the best solution so far. Although for some devices, restoring the settings to factory reset may solve the issues in some cases.