Emerging Threats

VPNFilter malware now targeting even more router brands. How to check if you're affected.

Written by a NortonLifeLock employee


VPNFilter — the malware that infected more than half a million routers in more than 50 countries — may be more dangerous than researchers originally believed.

What's different now? At least three things:

  • Based on additional analysis, VPNFilter now is more powerful than originally thought and runs on a much broader base of consumer-grade and SOHO router models, many from previously unaffected manufacturers. To our knowledge, all the known vulnerable routers are from at least 10 router brands.
  • VPNFilter is able to add malicious content to the traffic that passes through affected routers, according to researchers. This allows it to install malware onto devices and systems connected to the routers.
  • The malware is showing new capabilities that can target and steal passwords and other sensitive information.

Keep your online activity more secure and private in one click

Norton Secure VPN helps prevent companies from tracking your online activities or location by encrypting your information on our no-log VPN.

Browse the web anonymously from Internet service providers and cybercriminals

VPNFilter malware targets certain router models from these brands:

  • Asus
  • D-Link
  • Huawei
  • Linksys
  • Mikrotik
  • Netgear
  • QNAP
  • TP-Link
  • Ubiquiti
  • Upvel
  • ZTE

How the FBI spotlighted VPNFilter

A quick recap. In a May 25 announcement, the FBI issued an urgent request for consumers to reboot their home Wi-Fi routers to help disrupt a massive foreign-based malware attack.

At the time, the FBI said foreign cybercriminals had compromised hundreds of thousands of small office and home Wi-Fi routers and other networked devices worldwide.

What does the VPNFilter threat mean to you?

VPNFilter poses several threats to small office and home routers, the FBI said.

Here's what the malware could do:

  • Render routers inoperable
  • Collect information passing through the routers
  • Block network traffic

The FBI said detecting and analyzing the malware's network activity is difficult.

How to help defend yourself from VPNFilter malware

The FBI recommends taking several steps. Here's what you should do:

  • Turn your router off, then back on. This may temporarily disrupt the malware and potentially help identify already-infected devices.
  • Consider disabling remote management settings on the device.
  • Secure the device with a strong, unique, new password.
  • Enable encryption.
  • Upgrade firmware to the latest available version.

It's a good idea to check the website of the manufacturer to see if your router may be affected. This is especially important since researchers are now saying VPNFilter affects more manufacturers of routers.

Compromised routers raise risks

Keep in mind that all your information passes through your router. That's why security is essential.

When your router is compromised, your privacy and the security of your devices can be at stake.

Editorial note: Our articles provide educational information for you. NortonLifeLock offerings may not cover or protect against every type of crime, fraud, or threat we write about. Our goal is to increase awareness about cyber safety. Please review complete Terms during enrollment or setup. Remember that no one can prevent all identity theft or cybercrime, and that LifeLock does not monitor all transactions at all businesses.

Copyright © 2023 NortonLifeLock Inc. All rights reserved. NortonLifeLock, the NortonLifeLock Logo, the Checkmark Logo, Norton, LifeLock, and the LockMan Logo are trademarks or registered trademarks of NortonLifeLock Inc. or its affiliates in the United States and other countries. Firefox is a trademark of Mozilla Foundation. Android, Google Chrome, Google Play and the Google Play logo are trademarks of Google, LLC. Mac, iPhone, iPad, Apple and the Apple logo are trademarks of Apple Inc., registered in the U.S. and other countries. App Store is a service mark of Apple Inc. Alexa and all related logos are trademarks of, Inc. or its affiliates. Microsoft and the Window logo are trademarks of Microsoft Corporation in the U.S. and other countries. The Android robot is reproduced or modified from work created and shared by Google and used according to terms described in the Creative Commons 3.0 Attribution License. Other names may be trademarks of their respective owners.

No one can prevent all identity theft or cybercrime.  Not all products, services and features are available on all devices or operating systems. System requirement information on

*Important Subscription, Pricing and Offer Details:

  • The price quoted today may include an introductory offer. After that, your membership will automatically renew and be billed at the applicable monthly or annual renewal price found here.
  • You can cancel your subscription at or by contacting Member Services & Support. For more details, please visit the Refund Policy.
  • Your subscription may include product, service and /or protection updates and features may be added, modified or removed subject to the acceptance of the Customer Agreement.

The number of supported devices allowed under your plan are primarily for personal or household use only. Not for commercial use. If you have issues adding a device, please contact Member Services & Support.

§ Dark Web Monitoring in Norton 360 plans defaults to monitor your email address only. Please login to the portal to review if you can add additional information for monitoring purposes.