By now you’ve probably heard about the dangerous VPNFilter malware that’s attacking routers all over the globe.
If you haven’t, this is an insidious strain of malware that could potentially allow a hacker to take control of your router and use it for a wide variety of illicit purposes.
What’s more, the malware can even remove itself after a time and brick your router in the process.
So far the VPNFilter malware has only been detected in a relatively small list of routers:
- Linksys E1200
- Linksys E2500
- Linksys WRVS4400N
- MikroTik RouterOS for Cloud Core Routers: Versions 1016, 1036, and 1072
- Netgear DGN2200
- Netgear R6400
- Netgear R7000
- Netgear R8000
- Netgear WNR1000
- Netgear WNR2000
- QNAP TS251
- QNAP TS439 Pro
- Other QNAP NAS devices running QTS software
- TP-Link R600VPN
Be aware that just because your particular router isn’t on this list doesn’t mean you’re completely out of the woods. The research is ongoing, and more routers are likely to be added to the list as VPNFilter infections are discovered in additional devices.
What’s intriguing about this new strain of malware is how it attacks a router in stages.
Most malware infections occur immediately when a vulnerable device encounters the malicious code, but VPNFilter is different.
VPNFilter is a three-stage attack:
1 – The malware installer is loaded onto the router.
2 – The malware is activated and phones home to the hackers.
3 – One of several malicious “modules” is sent to the now-infected router, depending on what the hacker intends to do with the compromised router.
The fact that the malware is delivered and activated in stages is actually a good thing for the owner of the device. If the router can be rebooted before the malware is activated in stage 2, that ends the threat.
The problem is it can be difficult to determine whether VPNFilter was activated on your router or not.
Just to be safe, I recommend that you follow the steps below even if your router isn’t on the above list AND you haven’t noticed any changes in the way it operates.
1 – Reboot the router. Simply unplug ALL the cables from it and let it sit idle for 2 minutes, then reconnect the cables and let it boot back up. That should wipe out the VPNFilter malware installer IF it hasn’t already been activated on the device.
2 – If you want to be 100% sure there is no malware on your router you can perform a factory reset on it. Your router’s user manual should explain how to reset it. If you don’t have the manual this post explains how to get a digital copy of it.
3 – Choose a strong access key (password) for your Wi-Fi network. This post explains how.
4 – Follow the steps in this post to run a thorough series of malware scans on your PC just in case an infected router caused malware to be downloaded onto it as well.
Bottom line: The dangerous VPNFilter malware has already infected numerous routers in multiple countries. The steps listed above can help ensure that your router is safe from that threat and working properly.