- VPNFilter already infected over 500,000 devices across 54 countries.
- The malware primarily impacts routers.
The newly discovered and rapidly proliferating VPNFilter malware has already affected thousands of devices across the globe. Security researchers have now discovered that the devices impacted by the malware are also riddled with 19 other vulnerabilities.
VPNFilter is a multi-stage malware that is capable of rendering targeted devices completely unusable. The malware has already infected over 500,000 devices across 54 countries. Although VPNFilter primarily impacts routers, it is known to affect over 70 models of devices, including those from Linksys, MikroTik, Netgear, and TP-Link.
Security researchers later discovered that the malware targets even more devices, including those from Asus, Huawei, D-Link, ZTE, Ubiquiti and Upvel, to deliver exploits and even override reboots.
VPNFilter is capable of stealing device credentials, executing shell commands to hijack and manipulate devices, creating a Tor configuration to access devices anonymously, downloading further malicious URLs and even bricking devices. The malware can also monitor and intercept devices’ traffic.
19 new flaws exploitable by other malware
According to security researchers at Trend Micro, between July 1 and 12, numerous devices already affected by VPNFilter were found to also contain 19 other vulnerabilities. These flaws can be taken advantage of not only by VPNFilter but also by other malware variants.
“At the time of our scanning, we observed that 34 percent of home networks had at least one device with a known vulnerability. We found that 9 percent of vulnerable devices are potentially affected by VPNFilter,” Trend Micro researchers wrote in a blog.
The 19 newly discovered bugs primarily affect routers, although the authentication bypass flaw and the file transfer protocol (FTP) flaw in the QNAP NAS firmware were found to mainly impact printers. Meanwhile, other vulnerabilities such as the buffer overflow and stack overflow bugs could allow hackers to cause a denial of service (DoS) condition as well as execute arbitrary code.
“The threat of VPNFilter malware is augmented by the fact that other publicly known vulnerabilities were detected in the affected devices,” Trend Micro researchers said. “Since not all device manufacturers provide immediate fixes for discovered vulnerabilities and not all users regularly apply patches, users should first secure the way they set up their devices and networks.”
To stay safe from VPNFilter, users are advised to update their devices' firmware when updates are made available.
Users should also avoid using public Wi-Fi on devices that are also used in corporate or home networks, and should change their devices’ default credentials, employing strong passwords to deter unauthorized access.