That’s right, the VPNFilter Malware is back and it looks like previous advise to reboot your router doesn’t protect you from the threat. Besides that the malware runs on much more router base models it is also has other capabilities like man-in-the-middle-attack, override reboots and does this without victim’s awareness. According to Cisco Talos research that discovered a new 3 stage module that injects ( JavaScript injection ) malicious content into the web traffic as it passes via a network device: “With this new finding, we can confirm that the threat goes beyond what the actor could do on the network device itself, and extends the threat into the networks that a compromised network device supports,†said the article post. List of newly identified routers models targeted by VPNFilter malware: Asus: RT-AC66U, RT-N10, RT-N10E, RT-N10U, RT-N56U, and RT-N66U. D-Link: DES-1210-08P, DIR-300, DIR-300A, DSR-250N, DSR-500N, DSR-1000, and DSR-1000N. Huawei: HG8245. Linksys: E1200, E2500, E3000 E3200, E4200, RV082, and WRVS4400N. Mikrotik: CCR1009, CCR1016, CCR1036, CCR1072, CRS109, CRS112, CRS125, RB411, RB450, RB750, RB911, RB921, RB941, RB951, RB952, RB960, RB962, RB1100, RB1200, RB2011, RB3011, RB Groove, RB Omnitik, and STX5. Netgear: DG834, DGN1000, DGN2200, DGN3500, FVS318N, MBRN3000, R6400, R7000, R8000, WNR1000, WNR2000, WNR2200, WNR4000, WNDR3700, WNDR4000, WNDR4300, WNDR4300-TN, and UTM50. QNAP: TS251, TS439 Pro, and other QNAP NAS devices running QTS software. P-Link: R600VPN, TL-WR741ND, and TL-WR841N. Ubiquiti: NSM2 and PBE M5. ZTE: ZXHN H108N.
For more tutorials, news, and resources on hacking and cybersecurity, visit our blog at DarkbyteGear.com.