VPNFilter is worse than we thought: Rumours of the malware’s death have been greatly exaggerated
You may remember VPNFilter, a vicious malware said to infect some 500,000 routers, mostly in Ukraine. It could steal website credentials and cause infected devices to self-destruct. It was so serious that the FBI got involved, becoming the world’s IT department with the tried and tested advice that everyone should turn their router off and on again.
Hard to believe as it is, that advice hasn’t helped. In fact, it may have made things worse by suggesting such a persistent malware could be so easily defeated. “I’m concerned the FBI gave people a false sense of security,” Cisco’s Craig Williams told Ars Technica.
Worse, the malware seems to extend beyond the devices originally considered vulnerable. You can add routers from Asus, D-Link, Huawei, Ubiquiti, Upvel and ZTE to the list. While the malware is still quite picky about the devices it latches onto (Ukraine is still the target, which makes this look suspiciously state-sponsored), it does seem that the original 500,000 estimate was on the optimistic side.
The FBI has seized a domain that the malware used for command and control, and some newer firmware versions protect against the attack. Still, given that many companies and individuals literally never update their router firmware, a switch of domains could see the malware spread even further very quickly.