That Russian malware that infected over 500,000 devices is even worse than we thought
A few weeks ago we learned that a piece of sophisticated malware called VPNFilter infected more than 500,000 routers and other devices around the world. VPNFilter was spotted in some 54 countries, but an increase in activity in Ukraine suggested the malware was created by Russian intelligence looking to disrupt Ukraine either ahead of the Champions League final in late May, or before local celebrations in late June.
The Kremlin denied any involvement in VPNFilter, of course. Since then, the FBI issued a warning to Internet users to restart their routers. Cisco’s Talos security team is now back with more details on VPNFilter which reveal the malware is even more dangerous and scary than we thought.
VPNFilter targets even more devices than it was first reported including models from ASUS, D-Link, Huawei, Ubiquiti, UPVEL, and ZTE, as well as new models from manufacturers that were already targeted including Linksys, MikroTik, Netgear, and TP-Link. Up to 200,000 additional routers around the world are at risk of being infected.
That’s not all.
Cisco discovered that the malware can perform man-in-the-middle attacks. That means the malware can inject malicious content into traffic passing through the infected router, altering what its targets see.
Similarly, it can steal login credentials as they are transmitted between a computer and a website; the usernames and passwords are copied and sent to servers controlled by the hackers. How is that even possible? VPNFilter downgrades HTTPS connections to HTTP, which means the malware is essentially looking to bypass encryption.
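The downgrade described above works because an on-path device can answer a plaintext request before the browser ever sees the site's HTTPS response. The control on the defender's side is HTTP Strict Transport Security (RFC 6797): once a browser has seen the site's policy over HTTPS, it refuses to connect over plain HTTP. The following is an added example, not code from the article, from Cisco Talos or from Ars Technica; it parses a Strict-Transport-Security header and models how a browser's HSTS cache decides whether a plaintext connection is refused. The host names and header values are constructed for illustration.

```python
"""HSTS (RFC 6797) policy parser and a small model of a browser's HSTS cache.
Added example; host names and header values below are constructed."""
from dataclasses import dataclass
from typing import Dict, Optional


@dataclass
class HstsPolicy:
    max_age: int             # seconds the policy is remembered
    include_subdomains: bool
    preload: bool


def parse_hsts(value: str) -> Optional[HstsPolicy]:
    """Parse a Strict-Transport-Security header value.
    Returns None when the header is missing or invalid: no max-age,
    a non-numeric max-age, or a duplicated directive (RFC 6797 section 6.1)."""
    if not value or not value.strip():
        return None
    max_age: Optional[int] = None
    include_subdomains = preload = False
    seen = set()
    for raw in value.split(";"):
        directive = raw.strip()
        if not directive:
            continue
        name, _, val = directive.partition("=")
        name = name.strip().lower()      # directive names are case-insensitive
        val = val.strip().strip('"')     # values may be quoted strings
        if name in seen:
            return None
        seen.add(name)
        if name == "max-age":
            if not val.isdigit():
                return None
            max_age = int(val)
        elif name == "includesubdomains":
            include_subdomains = True
        elif name == "preload":
            preload = True
        # unrecognised directives are ignored, as the RFC requires
    if max_age is None:
        return None
    return HstsPolicy(max_age, include_subdomains, preload)


HstsCache = Dict[str, HstsPolicy]


def learn_policy(cache: HstsCache, scheme: str, host: str, header: Optional[str]) -> bool:
    """Update the cache from one response. Policies carried over plain HTTP are
    ignored, so a downgrading device cannot plant or clear them; max-age=0 sent
    over HTTPS removes a known host. Returns True when the cache changed."""
    if scheme != "https":
        return False
    policy = parse_hsts(header or "")
    if policy is None:
        return False
    if policy.max_age == 0:
        return cache.pop(host, None) is not None
    cache[host] = policy
    return True


def plaintext_blocked(cache: HstsCache, host: str) -> bool:
    """True when a browser holding this cache would refuse http:// for the host:
    an exact match, or a parent domain whose policy carries includeSubDomains."""
    labels = host.lower().split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        policy = cache.get(candidate)
        if policy and (i == 0 or policy.include_subdomains):
            return True
    return False


def simulate_first_visit_downgraded() -> bool:
    """Constructed scenario: the very first visit already passes through a
    downgrading device, so the policy arrives over HTTP and is never learned.
    Returns whether a later plaintext connection would be refused (it is not)."""
    cache: HstsCache = {}
    learn_policy(cache, "http", "bank.example", "max-age=31536000; includeSubDomains")
    return plaintext_blocked(cache, "bank.example")
```

The last function shows the limit of HSTS against a compromised router: the policy only protects hosts the browser has already seen over a genuine HTTPS connection (or that ship in the browser's preload list), so a first visit from behind an infected device gets no protection, which is why the factory reset and firmware update advised below matter more than any single site's headers.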
Cisco thinks that the VPNFilter threat is bigger than initially believed.
“Initially when we saw this we thought it was primarily made for offensive capabilities like routing attacks around the Internet,” Talos’ Craig Williams told Ars Technica. “But it appears [attackers] have completely evolved past that, and now not only does it allow them to do that, but they can manipulate everything going through the compromised device. They can modify your bank account balance so that it looks normal while at the same time they’re siphoning off money and potentially PGP keys and things like that. They can manipulate everything going in and out of the device.”
The attacks appear to be incredibly targeted, as the hackers are looking for specific things. “They’re looking for very specific things,” Williams said. “They’re not trying to gather as much traffic as they can. They’re after certain very small things like credentials and passwords. We don’t have a lot of intel on that other than it seems incredibly targeted and incredibly sophisticated. We’re still trying to figure out who they were using that on.”
But wait, there’s more. The malware can also download a self-destruct module that wipes the device clean and reboots it.
Getting rid of VPNFilter isn’t an easy task. The malware is constructed in such a way that a Stage 1 component acts as a backdoor on devices that can be infected and is used to download the additional payloads, Stages 2 and 3, which bring over the more sophisticated features, including man-in-the-middle attacks and self-destruction.
All router owners should assume from the start that their device has been infected and perform a factory reset, Ars says, followed by a software update that could remove the device’s vulnerabilities to Stage 1 infection. Changing default passwords is also advised, as is disabling remote administration. Rebooting the device as the FBI asked might not be enough, however.
Read Ars Technica’s full report at this link, with Cisco Talos’s complete description of VPNFilter available here.
For more on this story go to: http://bgr.com/2018/06/07/vpnfilter-malware-security-threat-fix/