Data-stealing router malware bypasses web encryption

A recently discovered strain of router malware appears to be much worse than thought. Cisco Talos has learned that VPNFilter can not only render devices unusable, but can bypass the SSL encryption you often see on the web. A module in the malware intercepts outgoing web requests to turn them into non-secure (that is, basic HTTP) requests, helping it steal sign-ins and other sensitive data when possible. It can also use man-in-the-middle attacks to insert hostile JavaScript into outside websites, and target devices beyond the router itself, such as PCs on the local network.
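A defender can check for the two behaviours described above (HTTPS links rewritten to plain HTTP, and script added to a page in transit) by comparing a known-good copy of a page with the copy received through the suspect router. The following is an added example, not code from Cisco Talos or from the malware analysis; the function names and the sample HTML are constructed, and it assumes the baseline was fetched over a trusted path.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

class _Refs(HTMLParser):
    """Collect link/form/resource URLs and script sources from one HTML document."""
    def __init__(self):
        super().__init__()
        self.urls, self.scripts, self.inline = set(), set(), 0

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "script":
            if a.get("src"):
                self.scripts.add(a["src"])
            else:
                self.inline += 1          # inline <script> block
        for key in ("href", "action", "src"):
            if a.get(key):
                self.urls.add(a[key])

def _parse(html):
    p = _Refs()
    p.feed(html)
    return p

def compare(baseline_html, observed_html):
    """Report https->http rewrites and scripts present only in the observed copy."""
    base, seen = _parse(baseline_html), _parse(observed_html)
    stripped = {}                          # plain-http URL seen -> original https URL
    for url in base.urls:
        if urlsplit(url).scheme == "https":
            plain = "http://" + url[len("https://"):]
            if plain in seen.urls and url not in seen.urls:
                stripped[plain] = url
    return {
        "downgraded": sorted(stripped.values()),
        "new_scripts": sorted(seen.scripts - base.scripts - set(stripped)),
        "extra_inline_scripts": max(0, seen.inline - base.inline),
    }

# Constructed sample pages (not captured traffic).
BASELINE = ('<html><head><script src="https://example.test/app.js"></script></head>'
            '<body><form action="https://example.test/login"></form>'
            '<a href="https://example.test/account">Account</a></body></html>')
OBSERVED = ('<html><head><script src="http://example.test/app.js"></script>'
            '<script src="http://injected.example/x.js"></script>'
            '<script>/* constructed inline block */</script></head>'
            '<body><form action="http://example.test/login"></form>'
            '<a href="http://example.test/account">Account</a></body></html>')

if __name__ == "__main__":
    print(compare(BASELINE, OBSERVED))
```

Any non-empty result on a page that should be served entirely over HTTPS is a reason to inspect the device between the client and the site.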

The rogue software targets many more devices than first thought, too. While a late May report focused on a handful of routers and network storage devices from Linksys, MikroTik, Netgear, QNAP and TP-Link, the malware is now known to affect more models from those brands as well as devices from ASUS, D-Link, Huawei, Ubiquiti, Upvel and ZTE.

Significantly, VPNFilter isn’t just infecting every device it can. Symantec noted that it’s “particularly interested” in targets in Ukraine, suggesting that Russia or another politically motivated actor might be involved.

There are ways to minimize or eliminate the threat. MikroTik and Netgear note that newer firmware updates should protect against VPNFilter, and the FBI has seized a domain the malware used for its command and control system. QNAP has a malware removal tool. However, the scale of the threat is more than a little disconcerting, and there are many people and companies that rarely upgrade their firmware. It’s possible that a new variant could switch to a new domain and infect more devices with little resistance.

Source: Cisco Talos, Symantec

Post Author: martin
