VPNFilter malware was part of a nasty botnet that infected over half a million devices in over 54 countries.

Last Wednesday, the US Justice Department revealed how the FBI seized a domain that was hosting a botnet of 500,000 compromised small office and home office (SOHO) routers and network-attached storage (NAS) devices in over 54 countries. These devices were developed by Linksys, TP-Link, MikroTik, and NETGEAR.

The department further stated that the domain ToKnowAll.com was being operated by a state-sponsored hacking group from Russia known as Fancy Bear, which was using highly advanced and sophisticated malware in its campaign. The malware was dubbed VPNFilter.

Reboot your routers – Get rid of VPNFilter

The FBI, on the other hand, vowed to capture the Internet Protocol (IP) addresses of infected devices to alert targeted users. Today, in a statement, the FBI urged all owners of small office and home office (SOHO) routers to reboot their devices to flush out VPNFilter.

“The FBI recommends any owner of small office and home office routers power cycle (reboot) the devices,” said the FBI. “VPNFilter is able to render small office and home office routers inoperable. The malware can potentially also collect information passing through the router.”

VPNFilter is a nasty malware

Simply put: all you have to do is reboot your router to get rid of the malware, which not only spies on users but also steals credentials from Internet traffic. According to IT security researchers at Cisco:

“VPNFilter is an expansive, robust, highly capable, and dangerous threat that targets devices that are challenging to defend. Its highly modular framework allows for rapid changes to the actor’s operational infrastructure, serving their goals of misattribution, intelligence collection, and finding a platform to conduct attacks.”

List of router models infected with VPNFilter

The malware infected over half a million devices around the world in over 54 countries; however, its prime target was Ukraine. Here is a list of router models infected with VPNFilter malware.

Linksys E1200

Linksys E2500

Linksys WRVS4400N

Netgear DGN2200

Netgear R6400

Netgear R7000

Netgear R8000

Netgear WNR1000

Netgear WNR2000

QNAP TS251

QNAP TS439 Pro

TP-Link R600VPN

The FBI is also advising users to change their router’s login credentials, keep an eye on Internet traffic, update the router to the latest available firmware version, and disable remote management settings on their devices.

Additionally, users can visit QNAP’s security advisory to follow recommendations to avoid possible exploits. Stay safe online.
