VPNFilter

Editor’s Note: This post was updated on June 7, 2018 to detail additional threats the VPNFilter malware poses.

On May 25, the FBI issued a warning regarding malware-infected routers. Dubbed VPNFilter, this malware is believed to have affected at least 500,000 devices and put them under the control of a botnet that’s likely managed by Russian state actors. Want to know more? We’re explaining what VPNFilter is and describing how you can protect your systems from it.

What is VPNFilter?

VPNFilter is a piece of malware that has been studied by researchers from Cisco Talos, a threat-intelligence group, for the past few months. The revelation of VPNFilter comes right on the heels of an announcement detailing an escalation of hacking attempts carried out by Russian actors. While research on the malware isn’t yet finished, its size and scope encouraged researchers to notify the public. Not only has VPNFilter infiltrated hundreds of thousands of routers, but the malware is present in at least 54 countries, giving the hackers a wide range of options when deploying it. Perhaps the most alarming capabilities of the malware are its ability to sniff network traffic to gather sensitive information, to block traffic and even to break the routers themselves, similar to previous IoT botnets.

At its most advanced stages, the malware can conduct what is known as a man-in-the-middle attack, in which a third party eavesdrops on your online activities. It is also designed very specifically to sniff out sensitive information like passwords in order to record and share it. Beyond that, the malware can even tamper with your browser’s security to change what you see and interact with in your browser (much like many of the hacks carried out over public Wi-Fi).

What’s being done about VPNFilter?

The FBI has taken an active role in attempting to identify the source of the malware while mitigating some of its worst effects. On Wednesday, May 23, the FBI announced that it had seized control of the domain used to administer the botnet (a technique known as sinkholing). While this doesn’t defeat the infection, it severely cripples it. Now when the malware “phones home” for its commands, it will contact a server controlled by the FBI. The FBI can then use the domain in its possession to see which devices are infected and prevent them from receiving the payload, the code needed to execute any malicious actions. Additionally, a list of affected routers has been created, although the FBI is urging anyone with any router to take action as a precaution. Still, even with the progress the FBI and researchers have made, the malware is proving challenging to completely understand and contain. Some manufacturers are providing router firmware updates in the meantime, but configuring a router tends to be a technical task that’s unfamiliar to many users. Given this and recent developments in the story, it’s likely that we haven’t heard the last of VPNFilter or other similar malware that could be lying in wait.
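The sinkholing described above works because an infected device keeps trying to resolve the command-and-control domain. A network administrator can apply the same idea defensively by checking their own DNS resolver logs for devices that looked up a known sinkholed domain. The following is an added example, not code from the original post or from the FBI or Cisco Talos: the domain name, the BIND-style log format and the log lines are constructed placeholders, and the real VPNFilter indicators should be taken from a trusted advisory.

```python
"""Flag devices whose DNS queries hit a sinkholed command-and-control domain.

Added example, not from the original post. The indicator list, the log
format and the sample log lines are constructed placeholders.
"""
import re
from collections import defaultdict

# Constructed placeholder; replace with the indicator list from a trusted
# advisory (the real VPNFilter C2 domains are not named in this post).
SINKHOLED_DOMAINS = {"c2-placeholder.example"}

# Loose pattern for a BIND-style query log line (assumed format):
#   <date> <time> client <ip>#<port>: query: <name> IN <type> + (<resolver ip>)
LOG_RE = re.compile(
    r"client\s+(?P<ip>[\d.]+)#\d+:\s+query:\s+(?P<name>\S+)\s+IN\s+(?P<type>\w+)"
)

# Constructed sample: a laptop (192.168.1.20) and a router (192.168.1.1)
# both sending queries to an internal resolver at 10.0.0.53.
SAMPLE_LOG = """\
01-Jun-2018 12:00:01.123 client 192.168.1.20#51234: query: www.example.com IN A + (10.0.0.53)
01-Jun-2018 12:00:02.456 client 192.168.1.1#40001: query: c2-placeholder.example IN A + (10.0.0.53)
01-Jun-2018 12:00:03.789 client 192.168.1.20#51240: query: mail.example.net IN MX + (10.0.0.53)
01-Jun-2018 12:05:02.456 client 192.168.1.1#40002: query: C2-Placeholder.example. IN A + (10.0.0.53)
"""


def parse_queries(log_text):
    """Yield (client_ip, queried_name) pairs from resolver log lines.

    Names are lower-cased and stripped of a trailing dot so that
    'Foo.Example.' and 'foo.example' compare equal.
    """
    for line in log_text.splitlines():
        m = LOG_RE.search(line)
        if m:
            yield m.group("ip"), m.group("name").lower().rstrip(".")


def domain_matches(name, indicators):
    """True if name is an indicator domain or a subdomain of one."""
    return any(name == d or name.endswith("." + d) for d in indicators)


def find_suspect_hosts(log_text, indicators=SINKHOLED_DOMAINS):
    """Map each client IP that queried an indicator to its number of hits."""
    hits = defaultdict(int)
    for ip, name in parse_queries(log_text):
        if domain_matches(name, indicators):
            hits[ip] += 1
    return dict(hits)


if __name__ == "__main__":
    for ip, n in sorted(find_suspect_hosts(SAMPLE_LOG).items()):
        print(f"{ip}: {n} lookup(s) of a sinkholed domain; inspect and reset this device")
```

If the router itself forwards DNS for the whole LAN, every query will appear to come from the router’s address, so run the check on a resolver that sees individual clients, or treat a hit from the router as a reason to reset it regardless.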

How should I take action against VPNFilter?

On Friday, May 25, the FBI issued a statement imploring consumers to “reset” their routers in order to revert the malware to its simplest and least harmful stage. Although the advice of turning your router off, unplugging it and plugging it back in 15 to 60 seconds later – known as power cycling – is what the FBI has recommended, some are calling its effectiveness into question. These other experts are recommending that users perform a hard reset on their routers in order to restore the default factory settings. Most routers have a tiny button you can hold down for a few seconds with a pin or small piece of wire. Keep in mind that this factory reset will wipe any custom settings you or your Internet provider have created. If you’re technically inclined, you might also want to download the latest firmware for your router and change its default password. Even if you don’t know how to do this, ideally you should be able to find someone else to do it for you or explain how you can do it (especially if your router was one of the vulnerable models), because these actions will shore up your router’s security.

This story is still developing, so make sure to continue reading our technology blog for updates on this and other critical tech-related news.