The VPNFilter malware that was said to put over 500,000 routers at risk is being reported as more dangerous than what initial reports suggested. The number of devices that can be exploited by the malware is much larger, and the list of devices includes a range of commonly used routers.
A new module has been discovered in the malware that can downgrade HTTPS protection on infected routers. It can also deliver payloads that can be used to exploit systems and steal private data including passwords and web browsing information.
The VPNFilter malware works by manipulating internet traffic, and attackers have full access to incoming and outgoing data. Despite the command and control unit being shut down by the FBI weeks ago, the malware is already out in the open and attackers can use it to target users across the globe.
The security team from Cisco published a detailed report on the botnet claiming that the number of vulnerable devices is much larger than what was initially presumed. Most of the affected devices are home and small-office routers, NAS storage devices and network switches. Hackers are able to get access to the routing devices and manipulate network data without leaving traces of an attack.
The security team detailed that the initial analysis by the team led to the assumption, the botnet was meant for routing attacks. However, the botnet can not only affect incoming and outgoing data but also modify bank account balances after stealing your money not to raise suspicion, or even steal PGP keys. All of this is made possible by downgrading the HTTPS protocol to HTTP, which is far less secure and unencrypted. If the attack is in the stage 1 phase on an infected device, simply resetting the router with a hardware button will fix it. However, if the exploit is in stage 2 or 3 users need to contact their hardware manufacturers for assistance.