Every piece of malware on the internet is designed to affect a computer differently. One of the most potent among them is the VPNFilter malware.
This malware was specifically designed to steal critical information, disrupt internet traffic and harm the computer in other ways. It was an international attack that affected thousands of routers in 2018.
VPNFilter Malware was first detected in Ukraine and originated in Russia. Later, it started infecting specific brands of routers around the world.
The origin of this malware is unknown and steps are still being taken to disrupt its infection. A group of Russian hackers is the primary suspect behind the VPNFilter malware.
The attackers can easily intercept internet traffic, steal information and run their own commands on infected routers.
The biggest threat of the VPNFilter Malware is that it can persist in the infected router even after a reboot. It is designed to automatically downgrade a secure internet connection to an insecure one.
The VPNFilter malware works in three stages, as described below.
The malware gets downloaded and infects the router in the initial stage. Thereafter, the program will lay its foundation and connect to a malicious server. This is where the program will get its commands from.
It can easily persist and survive a router’s reboot.
The second stage is where the main attack occurs. The commands are sent from the malicious server to the router. This enables the hacker to access the system’s files, intercept important data and even run commands on the system.
The most dangerous activity happens in the third stage. The VPNFilter malware will be able to steal website credentials and other sensitive data. This information could include credit card numbers, social security information, and bank details.
The attackers can use this information for unethical purposes. They can even sell this data to third parties on the Dark Web. They also have the ability to render a router unusable by “bricking” it.
The VPNFilter malware has primarily targeted only certain brands of routers. The complete list follows.
The attackers replaced the firmware on these routers with malicious firmware.
The infected routers of the Asus brand are –
Some of the models may not be available everywhere in the world. However, you should check if your router falls under this list.
The affected routers of D-Link are –
Check for your router model if you are using a Linksys router –
People using a MikroTik router should find their model in the following –
Netgear router users can check the following list –
People using TP-Link routers should be concerned if their router falls under the following –
Other brands that are infected with VPNFilter Malware are –
QNAP has a limited number of infected routers. However, its routers are prone to infection with the VPNFilter malware if they run the QTS software.
Upvel is another brand of routers that has been infected. Their model numbers are not known as of today.
You are likely to be infected with VPNFilter Malware if you are using any of the listed routers. Another cause of being infected with this malware is if you have never changed your router’s default login credentials.
All routers come with factory default login credentials. The most common login info for routers is ‘admin’ as the username and ‘1234’ or ‘admin’ again as the password.
You could encounter attacks if you have never changed this information.
The VPNFilter Malware is designed to stay in the router even after it is rebooted. However, you can get rid of this malware by following the given steps.
Please make sure that the Ethernet cable connecting the router to the internet is pulled out. This is done as a precaution because VPNFilter Malware can contact the attacker if it senses a reboot.
If the attacker is notified, he will just infect the router once again.
Every router comes with a factory reset button. The location of this button differs from router to router. Most of the time, it is located on the backside.
If you are not sure, you can easily check its quick guide or look up your router’s model online.
Next, you need to press this button with a thin object such as a sewing needle. It could be anything as long as it can fit inside. Press and hold for around 10 seconds. Your router will reset to the factory settings.
Most of the brands mentioned above have already updated their firmware to prevent VPNFilter Malware. You can download and update to the latest firmware from their official website.
Make sure to set your router to automatically download and install the latest firmware.
This is the most important step. All the routers mentioned above were infected because their default login credentials weren’t changed.
The steps for changing the default login info will differ from router to router. You can follow these steps to change the login info. The menu locations may differ but you’ll be able to navigate easily.
This will block any third parties from accessing your router. You can turn off remote management by following these steps.
These steps will differ from router to router but the premise will be the same.
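The risk factors and clean-up order described above, applied to a small router inventory. This is an added example, not part of the original article; the `Router` record, the inventory entries and `ExampleBrand` are constructed for illustration, and the brand match stands in for the article's per-model lists.

```python
from dataclasses import dataclass

# Brands named in the article; its per-model lists are not reproduced here.
AFFECTED_BRANDS = {"asus", "d-link", "linksys", "mikrotik", "netgear",
                   "tp-link", "qnap", "upvel"}
# Factory-default logins the article cites.
DEFAULT_LOGINS = {("admin", "admin"), ("admin", "1234")}
# The article's clean-up steps, in the order it gives them.
FULL_CLEANUP = ["unplug WAN cable", "factory reset", "update firmware",
                "enable automatic firmware updates", "change default login",
                "turn off remote management"]

@dataclass
class Router:  # hypothetical inventory record, not a vendor format
    name: str
    brand: str
    admin_user: str
    admin_password: str
    remote_management: bool
    auto_update: bool

def findings(r):
    """Return the article's risk factors that apply to this router."""
    checks = [
        ("affected-brand", r.brand.strip().lower() in AFFECTED_BRANDS),
        ("default-login", (r.admin_user.lower(), r.admin_password) in DEFAULT_LOGINS),
        ("remote-management-on", r.remote_management),
        ("auto-update-off", not r.auto_update),
    ]
    return [label for label, hit in checks if hit]

def remediation(r):
    """Return the steps to take, keeping the article's order."""
    f = findings(r)
    if "affected-brand" in f or "default-login" in f:
        # Either infection condition means the full procedure. A factory reset
        # restores the factory login, so the login change always follows it.
        return list(FULL_CLEANUP)
    steps = []
    if "auto-update-off" in f:
        steps += ["update firmware", "enable automatic firmware updates"]
    if "remote-management-on" in f:
        steps.append("turn off remote management")
    return steps

# Constructed sample inventory.
INVENTORY = [
    Router("lobby-ap", "Netgear", "admin", "1234", True, False),
    Router("lab-gw", "ExampleBrand", "netops", "k3-Lq9!vTz", True, True),
    Router("hq-gw", "ExampleBrand", "netops", "k3-Lq9!vTz", False, True),
]
```

A router that only matches on brand still gets the full procedure, because the article treats any listed router as likely infected.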
You will be able to remove the VPNFilter malware by following the above steps. You can protect your router from attacks by changing the default login credentials. Buying a reputable VPN is another way to protect yourself from such attacks.