Hundreds of Networks Still Host Devices Infected With VPNFilter Malware


Level 85
Thread author
Honorary Member
Top Poster
Content Creator
Malware Hunter
Aug 17, 2014
The VPNFilter malware is still present in hundreds of networks and malicious actors could take control of the infected devices, according to researchers at cybersecurity firm Trend Micro.

First identified in 2018 and mainly focusing on Ukraine, VPNFilter rose to fame quickly due to the targeting of a large number of routers and network-attached storage (NAS) devices from ASUS, D-Link, Huawei, Linksys, MikroTik, Netgear, QNAP, TP-Link, Ubiquiti, UPVEL, and ZTE. [...]
“It is important to remember that because these are routers and other similar types of devices, this number also represents thousands of infected networks, not simply individual machines. This means that the reach and visibility for attackers with a botnet like this can be substantial,” Trend Micro says.
The security researchers also decided to check if it would be possible to feed a new IP address to infected devices, to see how many of them were still waiting for a second-stage payload. They crafted a packet, sent it, and noticed that 1,801 networks did respond to it, while 363 of the networks reached back to the sinkhole on port TCP 443.
“Although only 363 networks connected back to our sinkhole, we cannot assume that the 1,801 networks that gave us an initial positive response are clean. They might still be infected by VPNFilter, but the connection to our sinkhole could have been blocked if they are behind a firewall,” Trend Micro says.
The networks that reached out, the researchers say, can easily be taken over by any threat actor with knowledge of how the VPNFilter malware works, and there’s nothing to prevent that, from a technical perspective. The original actor too can regain control of these devices at any point in time, the researchers say.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.