The Russian malware threat that Cytek reported on earlier this year is bigger than originally thought. The discovery of seven new modules puts smart device users at much greater risk.
Who’s Behind the Threat:
The United States Federal Bureau of Investigation has pinned the malware attacks on the Russian hacker group Fancy Bear. Fancy Bear has compromised hundreds of thousands of routers and networks in 54 different countries. The group has previously been linked to malware attacks such as those on the Democratic National Committee, the World Anti-Doping Agency, and the PyeongChang Olympics.
How VPNFilter Works:
The VPNFilter malware targets a range of routers and network-attached storage (NAS) devices with known weaknesses. It installs itself on a router, where it can then execute commands, collect data, and render the device unusable.
Researchers have now discovered that the malware has seven new modules:
These modules expand the functionality of VPNFilter, increasing its ability to compromise data and conceal data filtering. The malware is believed to be able to maintain its presence on a device even after a reboot.
How to Protect Yourself:
We recommend that owners of these vulnerable devices reboot their devices to temporarily disrupt the malware. Owners should also use strong passwords and encryption and disable remote management settings. Updating devices to the latest available versions of firmware is also strongly advised.
If the malware has already infected your device, a hard reset to factory settings will remove VPNFilter. After a reset, the owner of the device should change all existing login credentials and update the system.