It has been just reported that a dangerous malware called VPNFilter is targeting increasing number of makes and models of devices, with its additional capabilities like secretly injecting malicious content over web traffic through an infected router. This capability, called SSLER lets VPNFilter stage a kind of man in the middle attack, with an aim to spy on victims to steal sensitive data. Using this capability, SSLer allows the actor in delivering exploits to endpoints.
It has been found out that this malware is continuously targeting more makes and models of devices. With its additional and increased capabilities, exploits can now be delivered to end points and reboots can be overridden.
WHAT IS VPNFILTER Malware?
VPN Filter is a sophisticated malware which uses known vulnerabilities to infect routers made by Linksys, MikroTik, Netgear, QNAP and TP-Link. Once installed, the malware uses a central infrastructure to install specialized plug-ins on the router. One plug-in allows hackers to listen to their victims’ Internet traffic to steal their Web identifiers; another one targets a protocol used in industrial control networks, such as in the power grid. A third plug-in allows attackers to paralyze any or all infected hardware. Together, all of the infected units in dozens of countries make up a 500,000-router strong botnet.
Reference by Gajshield.com