VPNFilter – malware that can threaten 500 000 devices

May 30, 2018

Cisco Talos researchers have identified malware they dubbed "VPNFilter", which infects SOHO routers. So far, the issue is known to affect devices from manufacturers including Linksys, MikroTik, Netgear, QNAP and TP-Link. Particular malware activity was observed in Ukraine. However, it is estimated that approximately 500 000 devices are exposed worldwide.

New VPNFilter mode of operation

The novel feature of this malware is that it modifies the firmware of the infected device. This means that restarting the device will not remove the malicious code.

Intercept transmission

The malware has a modular structure. Based on the modules identified so far, cybercriminals can intercept traffic passing through these devices and capture data of interest to them, e.g. logins and passwords.

Source: Talos Intelligence Blog


Published by: Piotr Mierzwiński
