VPNFilter malware targets thousands of devices worldwide

null

Private and public sector officials recently warned that Russian state-sponsored hackers had infected over 500,000 routers in 54 countries with malware and now researchers from Cisco's Talos security team have revealed that this malware is more powerful than it was initially thought to be and on even more devices. 

The researchers discovered that the malware, called VPNFilter, contains a number of new capabilities including a module that performers an active man-in-the-middle attack on incoming Web traffic. Attackers can utilise this ssler module to inject malicious payloads into traffic as it passes through an infected router. Additionally the payloads themselves can be made to exploit specific devices connected to the infected network. 

Ssler is also able to steal data that passes through the connected end-points and the outside Internet such as usernames, passwords and other sensitive information. The module inspects all of the URLs accessed through the infected router to see if it can store sensitive data which it then sends to servers controlled by the attackers who could use it commit fraud and other crimes online. 

Ssler is even able to bypass TLS encryption by downgrading HTTPS connections to plaintext HTTP traffic. The module is even programmed to make exceptions for sites such as Google, Twitter, Facebook and Youtube which it knows employ additional security features. 

These new details prove that VPNFilter poses a much more significant threat than previously thought when it was first publicly disclosed. Cisco initially thought that malware was designed to target home and small-office routers but now it appears that the owners of these devices are in fact a target themselves. 

VPNFilter also targets a much larger number of devices than previously thought, including routers manufactured by ASUS, D-Link, Huawei, Ubiquiti, UPVEL and ZTE as well as new models from manufacturers known to be targeted inlcuding Linksys, MikroTik, Netgear and TP-Link. 

Despite the FBI's recent advice to unplug and reboot your affected router, it seems that VPNFilter will not be dealt with so easily and we will likely see manufacturers taking action to patch their devices soon. 

Image Credit: 3844328 / Pixabay