VPNFilter malware sinks its teeth into more routers

Photo-illustration (REUTERS/Mal Langsdon).

The Wi-Fi-router-killing malware known as VPNFilter is more dangerous than was previously thought. The malicious code can infect more than 70 different models, up from a dozen.

Last month, Cisco warned the public about the malware, which contains a self-destruct function that can brick a device. The company estimates that at least 500,000 wireless and broadband routers all over the world are now infected.

Since Cisco went public, the company has noticed that the malware is expanding its targets. The malicious code is now going after products from Asus, D-Link and Huawei, in addition to attacking more models from Netgear and MikroTik.

On top of all this, Cisco has discovered a new capability in VPNFilter: it can secretly inject malicious content into web traffic that passes through an infected router. The capability lets VPNFilter stage what is called a man-in-the-middle attack, so that it can spy on victims and steal their sensitive data, Cisco’s Talos security group said in a blog post on Wednesday.

“These new discoveries have shown that the threat of the VPNFilter continues to grow,” the group said.

Who built VPNFilter is not definitively known, but the U.S. Department of Justice is pointing the finger at Russia; it blames the malware's development on a state-sponsored hacking group from the Kremlin known as Fancy Bear or APT28. When Cisco discovered the malware, it noted that the malicious code was spreading at an “alarming rate” in Ukraine.

What is clear, however, is that VPNFilter is a disturbing threat. Once the malware infects a router, it can download a module that allows the malicious code to intercept and manipulate web traffic going through the router. It will also try to downgrade HTTPS encrypted connections to HTTP, so that sensitive data may be exposed in clear text and collected.

VPNFilter has been able to attack so many router models by exploiting well-known vulnerabilities in the equipment. Many of these routers ship with weak default passwords or contain software bugs that are still unpatched.

What makes VPNFilter particularly nasty is that it is difficult to remove. Restarting your router can temporarily remove the router-bricking and spying functions of the malware, but not all of the malicious code. To remove it completely, you will need to perform a hard reset to restore the router to its factory settings. However, to prevent reinfection, you will also need to look at patching the router with any security update your vendor offers. PCMag has a guide with more details.

A full list of affected products can be found below.


  • RT-AC66U (new)
  • RT-N10 (new)
  • RT-N10E (new)
  • RT-N10U (new)
  • RT-N56U (new)
  • RT-N66U (new)


  • DES-1210-08P (new)
  • DIR-300 (new)
  • DIR-300A (new)
  • DSR-250N (new)
  • DSR-500N (new)
  • DSR-1000 (new)
  • DSR-1000N (new)


  • HG8245 (new)


  • E1200
  • E2500
  • E3000 (new)
  • E3200 (new)
  • E4200 (new)
  • RV082 (new)
  • WRVS4400N


  • CCR1009 (new)
  • CCR1016
  • CCR1036
  • CCR1072
  • CRS109 (new)
  • CRS112 (new)
  • CRS125 (new)
  • RB411 (new)
  • RB450 (new)
  • RB750 (new)
  • RB911 (new)
  • RB921 (new)
  • RB941 (new)
  • RB951 (new)
  • RB952 (new)
  • RB960 (new)
  • RB962 (new)
  • RB1100 (new)
  • RB1200 (new)
  • RB2011 (new)
  • RB3011 (new)
  • RB Groove (new)
  • RB Omnitik (new)
  • STX5 (new)


  • DG834 (new)
  • DGN1000 (new)
  • DGN2200
  • DGN3500 (new)
  • FVS318N (new)
  • MBRN3000 (new)
  • R6400
  • R7000
  • R8000
  • WNR1000
  • WNR2000
  • WNR2200 (new)
  • WNR4000 (new)
  • WNDR3700 (new)
  • WNDR4000 (new)
  • WNDR4300 (new)
  • WNDR4300-TN (new)
  • UTM50 (new)


  • TS251
  • TS439 Pro
  • Other QNAP NAS devices running QTS software


  • R600VPN
  • TL-WR741ND (new)
  • TL-WR841ND (new)


  • NSM2 (new)
  • PBE M5 (new)


  • Unknown Models* (new)


  • ZXHN H108N (new)

This article originally appeared on
