How Can a Router Get a Virus?

A router can get a virus if hackers can get through the initial login screen and modify the router settings. In some cases, viruses can modify the embedded firmware that controls the router software. You don’t need to toss out an infected router—repair and then protect that device from further infections in the future. Two common router viruses that have infected thousands of routers in the past include the Switcher Trojan and VPNFilter.

How the Switcher Trojan Virus Infects Routers

The Switcher Trojan infects an Android smartphone through an app or by a click-through on a phishing email. After that infected Android phone connects to any Wi-Fi network:

The Trojan communicates with a central server to report that network’s identifier.

It then attempts to log in to the router using the router brand’s default administrator password, as well as testing other passwords.

If it logs in, the Trojan modifies the default DNS server addresses to a DNS server under the virus maker’s control.

The alternative DNS server redirects all internet traffic from that Wi-Fi network through the new servers, which attempt to strip sensitive information like bank account and credit card details, login credentials, and more.

Sometimes the fake DNS servers return an alternate website (like PayPal or your bank website) to scrape your login details.
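A defensive check for the DNS change described in the steps above, as an added example that is not part of the original article: it parses resolv.conf-style text from a device on the Wi-Fi network and flags any resolver that is not on an allowlist. The allowlist, the LAN range, the function names and the sample input are assumptions constructed for illustration.

```python
import ipaddress

# Assumptions: edit both values to match your own network.
LAN = ipaddress.ip_network("192.168.1.0/24")
EXPECTED_RESOLVERS = {"192.168.1.1", "1.1.1.1", "9.9.9.9"}

# Constructed sample in resolv.conf format; 203.0.113.53 is a documentation
# address standing in for a resolver planted by router malware.
SAMPLE = """\
# generated by the DHCP client
nameserver 192.168.1.1
nameserver 203.0.113.53
nameserver 192.168.1.77   # another LAN host answering DNS
search home.lan
nameserver not-an-ip
"""


def parse_nameservers(text):
    """Return the valid nameserver addresses in the order they are listed."""
    servers = []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split(";", 1)[0].split()
        if len(fields) < 2 or fields[0] != "nameserver":
            continue
        try:
            # Drop an IPv6 zone id such as fe80::1%eth0 before parsing.
            servers.append(ipaddress.ip_address(fields[1].split("%", 1)[0]))
        except ValueError:
            continue  # skip malformed entries
    return servers


def audit_resolvers(text, expected=EXPECTED_RESOLVERS, lan=LAN):
    """Label each resolver: expected, unexpected-lan or unexpected-external."""
    findings = []
    for addr in parse_nameservers(text):
        if str(addr) in expected:
            verdict = "expected"
        elif addr in lan:
            verdict = "unexpected-lan"
        else:
            verdict = "unexpected-external"
        findings.append((str(addr), verdict))
    return findings


if __name__ == "__main__":
    for addr, verdict in audit_resolvers(SAMPLE):
        print(f"{addr:<16} {verdict}")
```

This shows only what the device was handed by DHCP. A router that gives out its own LAN address and forwards queries to altered upstream servers looks clean here, so also compare the DNS servers shown on the router's admin page.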

How the VPNFilter Virus Infects Routers

VPNFilter infects home Wi-Fi routers in the same way the Switcher Trojan does. Usually, a device connecting to the Wi-Fi network is infected, and that software penetrates the home router. This infection happens in three stages.

Stage 1: A malware loader infects the router firmware. This code installs additional malware onto the router.

Stage 2: The stage-one code installs additional code that resides on the router and performs actions like collecting files and data from devices connected to the network. It also attempts to run commands remotely on those devices.

Stage 3: The stage-two malware installs additional malicious plug-ins that do things like monitor network traffic to capture sensitive user information. Another add-on is called Ssler, which converts secure HTTPS web traffic (like when you log in to your bank account) into insecure HTTP traffic so that hackers can extract your login credentials or account information.

There are additional router viruses on the internet, and all follow the same tactic. These viruses first infect a device. When that device connects to a Wi-Fi network, the virus attempts to log in to the router using the default password or by checking for a poorly created password.

Does My Router Have a Virus?

If the following behaviors are happening on your network, there’s a chance your router could be infected.

How to Fix an Infected Router

To check if your router is infected, run a scan using available online tools. There are many of these available, but choose one that comes from a known and trusted source. One example is F-Secure, which scans the router and determines if a virus has hacked the router’s DNS settings. If your router is clean, you’ll see a message with a green background indicating that it’s clean. Another example is the Symantec scan that checks specifically for the VPNFilter Trojan. To run the scan, select the check box to indicate that you agree to the terms, and then select Run VPNFilter Check. If any scans indicate that your router is infected, take the following steps: