New VPNFilter malware targets routers and NAS boxes worldwide


A virulent new strain of malware has infected more than half a million consumer and small-business networking devices, it has been revealed. 

Dubbed 'VPNFilter', the infection, according to researchers at Cisco Systems' security division, Talos, targets numerous routers and network-attached storage (NAS) devices from major manufacturers such as Netgear, QNAP, TP-Link and Linksys.

The malware is able to spy on network traffic and potentially steal website usernames and passwords, and can also be used to 'brick' infected devices, rendering them inoperable.

Although the exact creator of the malware is as yet unknown – and if other recent attacks are an indication, it will likely remain so – after working with law enforcement as well as private- and public-sector partners, Cisco has stated that the "sophisticated modular malware system" appears to be the work of a state-sponsored or state-affiliated actor.

Target local, spread global

The malware’s creators appear to be focused on infecting devices located within Ukraine, although the virus has been discovered hiding on equipment located in 54 countries across the globe. 

Certain parts of the code used in VPNFilter match that found in an earlier malware strain called BlackEnergy, which also heavily targeted Ukrainian devices and was used in several large-scale attacks.

The malware is designed in such a way that it can have additional capabilities added after the initial device infection and, unlike many other viruses targeting Internet of Things gear, it could initially persist after a device had been rebooted – although, according to The Daily Beast, the FBI has reportedly managed to seize a server being used by the botnet, which has subsequently disabled VPNFilter's ability to reactivate itself after a reboot.

Cisco recommends that infected users reset their devices to factory defaults and then reboot them, which should remove the "potentially destructive, non-persistent stage 2 and stage 3 malware".

The networking company has also released the model numbers of devices known to be at risk of infection, but warns that the current list is likely incomplete, and that other devices are almost certain to be added:

  • Linksys E1200
  • Linksys E2500
  • Linksys WRVS4400N
  • Netgear DGN2200
  • Netgear R6400
  • Netgear R7000
  • Netgear R8000
  • Netgear WNR1000
  • Netgear WNR2000
  • QNAP TS251
  • QNAP TS439 Pro
  • TP-Link R600VPN
Dan Gardiner
Managing Editor – APAC
