Earlier this week, Cisco's security team disclosed Russian-developed malware called VPNFilter, which compromised at least 500,000 routers built by Linksys, MikroTik, NETGEAR, and TP-Link as well as network-attached storage devices manufactured by QNAP. In addition to the threat protections rolled out by Cisco, the Federal Bureau of Investigation (FBI) has released a public advisory calling on users of the affected networking devices to reboot their routers in order to destroy the malware.
According to Cisco, the malware is designed to steal website credentials passing through the routers and render the infected small office and home office devices useless. The FBI also said it's currently hard to detect the malware's network activity as it uses encryption and misattributable networks.
The router models affected by VPNFilter include:
- Linksys E1200
- Linksys E2500
- Linksys WRVS4400N
- MikroTik RouterOS for Cloud Core Routers: Versions 1016, 1036, and 1072
- Netgear DGN2200
- Netgear R6400
- Netgear R7000
- Netgear R8000
- Netgear WNR1000
- Netgear WNR2000
- QNAP TS251
- QNAP TS439 Pro
- Other QNAP NAS devices running QTS software
- TP-Link R600VPN
On top of a system reboot, the FBI also advises owners of the affected routers to switch off the remote management settings on their devices, use strong passwords for security, turn on encryption if available, and upgrade the devices to the latest firmware versions.