VPNFilter, the strain of malware that prompted the FBI to warn all router owners late last month to reboot their devices, appears to be much worse than initially thought. A new report from Cisco Talos on Wednesday confirmed that the VPNFilter malware can bypass the SSL encryption between a server and a client, on top of its ability to degrade the router to the point of making it unusable.
According to the security firm, the Russia-linked VPNFilter malware has been targeting more router devices and vendors than previously listed. New vendors on the target list include Asus, D-Link, Huawei, ZTE, Ubiquiti, and UPVEL. New devices from Linksys, Netgear, MikroTik, and TP-Link were also found to be affected.
"We have seen that VPNFilter is targeting more makes/models of devices than initially thought, and has additional capabilities, including the ability to deliver exploits to endpoints," states Cisco Talos.
What Does VPNFilter Malware Do?
The VPNFilter malware has a module that captures outgoing HTTP or SSL requests and converts them into non-secure requests. In this way, the people behind VPNFilter can view and copy a person's login credentials and other sensitive data.
It was reported in May that about 500,000 routers were infected by the malware, prompting the FBI to recommend that impacted routers be reset to their factory state. Unfortunately, that alone is not enough.
Security experts are now advising all owners of the aforementioned router brands to upgrade the device firmware, and not just to factory-reset their devices. Users are advised to visit the router makers' support pages for step-by-step guides on how to update firmware and perform a factory reset.
List of Affected Routers
Cisco Talos has released the updated list of the models that are vulnerable to the VPNFilter malware, as follows:
Asus
- RT-AC66U (new)
- RT-N10 (new)
- RT-N10E (new)
- RT-N10U (new)
- RT-N56U (new)
- RT-N66U (new)
D-Link
- DES-1210-08P (new)
- DIR-300 (new)
- DIR-300A (new)
- DSR-250N (new)
- DSR-500N (new)
- DSR-1000 (new)
- DSR-1000N (new)
Huawei
- HG8245 (new)
Linksys
- E1200
- E2500
- E3000 (new)
- E3200 (new)
- E4200 (new)
- RV082 (new)
- WRVS4400N
MikroTik
- CCR1009 (new)
- CCR1016
- CCR1036
- CCR1072
- CRS109 (new)
- CRS112 (new)
- CRS125 (new)
- RB411 (new)
- RB450 (new)
- RB750 (new)
- RB911 (new)
- RB921 (new)
- RB941 (new)
- RB951 (new)
- RB952 (new)
- RB960 (new)
- RB962 (new)
- RB1100 (new)
- RB1200 (new)
- RB2011 (new)
- RB3011 (new)
- RB Groove (new)
- RB Omnitik (new)
- STX5 (new)
Netgear
- DG834 (new)
- DGN1000 (new)
- DGN2200
- DGN3500 (new)
- FVS318N (new)
- MBRN3000 (new)
- R6400
- R7000
- R8000
- WNR1000
- WNR2000
- WNR2200 (new)
- WNR4000 (new)
- WNDR3700 (new)
- WNDR4000 (new)
- WNDR4300 (new)
- WNDR4300-TN (new)
- UTM50 (new)
QNAP
- TS251
- TS439 Pro
- Other QNAP NAS devices running QTS software
TP-Link
- R600VPN
- TL-WR741ND (new)
- TL-WR841N (new)
Ubiquiti
- NSM2 (new)
- PBE M5 (new)
UPVEL
- Unknown models (new)
ZTE
- ZXHN H108N (new)