Cisco has warned of a new malware threat that has already infected 500,000 internet routers around the world and is capable of self-destructing and bricking the devices.
Dubbed VPNFilter, the malware has hit broadband routers and Wi-Fi devices from Linksys, TP-Link and Netgear, among others, across 54 countries. Cisco’s Talos security group says the malware is spreading at an “alarming rate” in Ukraine, hinting at an imminent cyber attack against the country.
While Talos hasn’t completed its research into the malware entirely, researchers said it was essential to warn the public at a time when attackers actively seek to expand their footprint by targeting the country specifically.
“In particular, the code of this malware overlaps with versions of the BlackEnergy malware — which was responsible for multiple large-scale attacks that targeted devices in Ukraine,” researchers wrote. “While this isn’t definitive by any means, we have also observed VPNFilter, a potentially destructive malware, actively infecting Ukrainian hosts at an alarming rate, utilizing a command and control (C2) infrastructure dedicated to that country.”
VPNFilter is particularly menacing because it is hard to remove, persisting even after the device is rebooted. Once installed, the malware can download other programs to gather data that flows through the router, making it a tool for cyberespionage. Notably, the malware also contains a self-destruct kill switch that bricks the device with a ‘kill’ command.
“In most cases, this action is unrecoverable by most victims, requiring technical capabilities, know-how, or tools that no consumer should be expected to have,” Talos researchers added. “We are deeply concerned about this capability, and it is one of the driving reasons we have been quietly researching this threat over the past few months.”
As a solution, Symantec suggests a “hard reset” of the device to restore its factory settings, a move that should remove the malware. Most routers have a physical reset switch.