Replies

Recently, an NSA cyber security guy came out and said that rebooting our wifi did not, in most cases, remove the malware from the router itself and called on internet services companies to provide their users with instructions on how to do so.

If a router has this malware on it, it can defeat VPN (privacy software) and can launch destructive malware onto connected computers, expose personal information, participate in bot attacks, and delete evidence of its presence before permanently disabling the wifi. These seem to be capabilities custom made for black hats that want the ability to utilize users’ computers in widespread attacks and bring down websites or shut down Internet access to many simultaneously.

The malware is called VirtualVPN. Initially the public was advised to reboot their wifi device to remove it, but that only removes two stages of the malware and the remaining stage continually “refreshes” the infection of the WIFI and connected devices.

I’m having trouble finding the updated list of affected routers - supposedly more are affected than are listed. While there are more recent lists of affected routers - this article includes a list from May:

https://www.pcmag.com/news/361431/is-your-router-vulnerable-to-vpnfilter-malware

This article includes information on how to remove it:
https://www.wikihow.com/Remove-VPNFilter-Malware-from-Your-Router