Tech colossus Cisco has revealed that an unpleasant strain of malware has infected half a million consumer and small business routers across the globe. The VPNFilter malware, which is rumoured to be Russian state-sponsored, can resist rebooting, attack other machines, harvest communications and even has the capacity to kill an infected device.
Cisco has been carrying out clandestine surveillance on VPNFilter for some time but, due to a worrying escalation in its activities, has opted to go public before its investigations are fully completed. As a result, the FBI has pounced on a Russian server that was delivering a second wave of malware to infected devices.
The affected routers are manufactured by Linksys, MikroTik, Netgear, TP-Link and QNAP. Detecting whether a router has been compromised in not straightforward. Any concerned users should at least reboot their computers, and ideally implement a factory reset. Other precautions include changing default passwords, running the latest firmware and disabling remote administration.