VPNFilter malware is still here and even more unsafe

Doris Richards
June 9, 2018

But the virus remained unaffected and has spread to various devices in more than 54 countries.

"In the days since we first published our findings on the campaign, we have seen that VPNFilter is targeting more makes/models of devices than initially thought, and has additional capabilities, including the ability to deliver exploits to endpoints", Cisco Talos wrote in a post dated Wednesday.

"These new discoveries have shown us that the threat from VPNFilter continues to grow", it said.

Cisco also revealed a newly discovered stage 3 module, named "ssler", which "injects malicious content into web traffic as it passes through a network device".

Nasty VPNFilter malware can attack connected devices, downgrade HTTPS and render routers unusable.

"If successful, the actor would be able to deploy any desired additional capability into the environment to support their goals, including rootkits, exfiltration capability and destructive malware". A hard reset of the device should get rid of VPNFilter completely, but it will also reset your configuration details.

"They can manipulate everything going through the compromised device". The vulnerabilities being exploited that allow VPNFilter to be installed vary from device to device, as do the steps needed to identify whether a router is infected and how to purge it of the malware. They can modify your bank account balance so that it looks normal while at the same time they're siphoning off money and potentially PGP keys and things like that.

The revelation indicates that VPNFilter has affected more routers than the 500,000 the Federal Bureau of Investigation said were infected. "They can manipulate everything going in and out of the device". The malware is constructed in such a way that a Stage 1 attack acts as a backdoor on devices that can be infected, and is used to download additional payloads, Stages 2 and 3, which bring over the more sophisticated features, including man-in-the-middle-attacks and self-destruction. As a result, more users are at risk of being targeted by Russian hackers.

"The technical sophistication of this attack is like nothing we've ever seen before". Just unplug the router and leave it that way for 10 seconds before you plug it back in, Inc. reported. Changing default passwords is also advised, as is disabling remote administration. However, Williams says that a reboot alone isn't enough to fully remove the malware from infected devices.
