router malware | Breaking Cybersecurity News | The Hacker News

Security researchers have discovered even more dangerous capabilities in VPNFilter —the highly sophisticated multi-stage malware that infected 500,000 routers worldwide in May this year, making it much more widespread and sophisticated than earlier. Attributed to Russia's APT 28, also known as 'Fancy Bear,' VPNFilter is a malware platform designed to infect routers and network-attached storage devices from 75 brands including Linksys, MikroTik, Netgear, TP-Link, QNAP, ASUS, D-Link, Huawei, ZTE, Ubiquiti, and UPVEL. In May, when VPNFilter infected half a million routers and NAS devices in 54 countries, the FBI seized a key command-and-control domain used by the malware and asked people to reboot their routers. Initially, it was found that VPNFilter had been built with multiple attack modules that could be deployed to the infected routers to steal website credentials and monitor industrial controls or SCADA systems, such as those used in electric grids, other infr...

Last month we reported about a widespread crypto-mining malware campaign that hijacked over 200,000 MikroTik routers using a previously disclosed vulnerability revealed in the CIA Vault 7 leaks . Now Chinese security researchers at Qihoo 360 Netlab have discovered that out of 370,000 potentially vulnerable MikroTik routers, more than 7,500 devices have been compromised to enable Socks4 proxy maliciously, allowing attackers to actively eavesdrop on the targeted network traffic since mid-July. The vulnerability in question is Winbox Any Directory File Read (CVE-2018-14847) in MikroTik routers that was found exploited by the CIA Vault 7 hacking tool called Chimay Red , along with another MikroTik's Webfig remote code execution vulnerability. Both Winbox and Webfig are RouterOS management components with their corresponding communication ports as TCP/8291, TCP/80, and TCP/8080. Winbox is designed for Windows users to easily configure the routers that download some DLL files ...