A couple of weeks ago I reported about a Russian malware (VPNFilter) that was infecting a large number or routers from different vendors. This week I have bad news to report because this malware is far more widespread than originally thought. More vendors have been added to the vulnerable list and additional models from already named vendors have been added as well. Take a look at the
source and you'll be able to see if your router is vulnerable. The researchers believe the criminals controlling VPNFilter are profiling endpoints to pick out the best targets, and will swipe confidential information in transit where possible. The code snoops on the destination IP address, to help it identify valuable traffic such as a connection to a bank, as well as visited domain names. It also attempts to downgrade secure HTTPS connections to unencrypted forms, so that login passwords and the like can be obtained.