New VPNFilter Malware Contains Kill Switch, Infects Over 500,000 Devices

By on

Routers are the driving force behind a lot of our modern-day internet use. They power our Wi-Fi, and therefore our internet-connected devices. We rely on them day in and out, entrusting them with some of our most personal information. So when they’re attacked, it can be cause for concern. Just today, that precise scenario has come to life, as it has been discovered that more than half a million routers and storage devices in dozens of countries have been infected with a piece of highly sophisticated IoT botnet malware called VPNFilter.

Named after the directory the malware uses to hide on an infected device, VPNFilter first makes its way into a device through a reboot. Once it’s inside, it gains a foothold on the infected device and then deploys the malware.

VPNFilter has been designed with versatile capabilities, it attacks routers and other network-connected devices in order to steal credentials and other information exchanged across the network. It even contains a kill switch for routers, which means an attack could stop internet access for any devices tapping into that router.

So far, over 500,000 devices have been infected by the malware in over 54 countries. Therefore, with this attack spreading rapidly, it’s important to take security steps immediately in order to stay protected from VPNFilter. To do just that, follow these tips:

  • Update your router’s firmware. Router manufacturers are already working to make patches that will help protect users against this malware. Therefore, make sure you regularly update your router’s firmware, as these fixes are typically included within each update.
  • Be careful with what information you share. Since this malware can steal the data exchanged across your Wi-Fi network, it’s crucial you get selective with the information you do share for the time being. This means personal details, such as addresses, personally identifiable information, and financial data.
  • Use comprehensive security. Even though this attack largely goes after routers, it’s important you still lock down all your devices with an extra layer of security. To do just that, use a comprehensive solution such as McAfee Total Protection.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

Categories: Consumer Threat Notices
Tags: ,

7 comments on “New VPNFilter Malware Contains Kill Switch, Infects Over 500,000 Devices

  • Marlene N Jennerjohn says:

    have not had a reply to my inquiry about being charged $32.10 for the $29. offer. I have been charged but I keep seeing that my account has not been renewed. Please let me know what the problem is. Thank you.

    • Hi Marlene, We can help you with that! Our customer service team is available to help resolve out your account issues and make sure you have access to everything you’re entitled to. You’ll find contact options at

  • I share router with husband who constantly falls for scams.
    does this put me at risk too?
    thank you, judy holly

  • BJ Stephenson says:

    Won’t my McAfee Livesafe keep the router from infecting my computer or from getting my sensitive info from my computer?

    • It’s wise to keep your LiveSafe product updated to protect your PC from the latest threats. With so many smart devices in our homes today, McAfee Secure Home Platform can also help protect your connected home at the gateway.


Leave a Comment

Similar articles

This post was written with contributions from the McAfee Advanced Threat Research team.   The McAfee Advanced Threat Research team and McAfee Labs Malware Operations Group have discovered a new global campaign targeting nuclear, defense, energy, and financial companies, based on McAfee® Global Threat Intelligence. This campaign, Operation Sharpshooter, leverages an in-memory implant to download ...
Read Blog
Pay-per-install, or PPI for short, is a type of software program that presents users with third-party offers while they are in the middle of another download. If a user clicks on the third-party advertisement, the software developer earns money from the download. One specific PPI program has caught the attention of our McAfee ATR team, ...
Read Blog
For the past 18 months, McAfee Labs has been investigating a pay-per-install developer, WakeNet AB, responsible for spreading prevalent adware such as Adware-Wajam and Linkury. This developer has been active for almost 20 years and recently has used increasingly deceptive techniques to convince users to execute its installers. Our report is now available online. During ...
Read Blog