FBI identifies Russian malware that could be infecting your Wi-Fi router

Paul L Dineen (CC-BY)


A report released on Wednesday by the Daily Beast revealed that the FBI has targeted a piece of Russian malware that could be infecting your home or office Wi-Fi router. 

The malware, called “VPN Filter,” is reportedly the work of Russian hacking group, Fancy Bear, which was also responsible for infiltrating the Democratic National Convention and the Hillary Clinton Campaign in 2016. The Daily Beast reports that security teams at Cisco and Symantec uncovered new details about the firmware, which is active in 54 different countries across the globe, including the United States.

Popular commercial routers like Netgear, TP-Link, MikroTik, and Linksys typically used for home and office internet capabilities provide Wi-Fi connections to multiple devices at a time. These same routers have been infected en masse by VPN Filter, which is programmed to steal internet-activity data from devices connected to these routers and ultimately cripple infected devices. As noted by a blog post on Talos the hack is an issue of internet security and vulnerability to similar attacks in the future. When weaponized, the firmware could potentially be the cause of deterred and unsafe internet access for millions.

The firmware uses the router’s connection to the internet to visit Photobucket, where photos with hidden codes are used to solidify the hack. If the program is unable to identify the now-deleted photos, it refers itself to a backup code that it finds on a hosting site called On Wednesday the site was handed over to the FBI for further investigation after being identified as an agent of criminal activity by Federal Judge Lisa Pupo Lenihan in Pittsburgh.

After FBI efforts, the firmware will no longer be able to recover as a threat should the user reboot their infected router. Reboots will now cue the router to reach out to the FBI rather than any Russian hackers originally involved with the firmware. Court filings say that the FBI is collecting the IP addresses, absent of browser histories or any other sensitive information, of devices compromised by the firmware in an effort to begin cleaning up the mess that the hack has created.

Update 3:00pm CT, May 25: The FBI has issued a formal warning to Americans, advising them to reset their routers in order to disrupt the firmware. The FBI says it’s affected 500,000 routers worldwide, the Hill reports.

H/T the Daily Beast

Onaje McDowelle

Onaje McDowelle

Onaje McDowelle is an editorial intern for the Daily Dot. He is studying journalism and African and African Diaspora Studies at the University of Texas at Austin. His work has appeared in Austin Monthly magazine, GoodMusicAllDay, and Orange magazine.