Router malware: how to tell if your router is infected

How can a router get a virus?

You can buy a router for anything from $20 to several hundred dollars. Cheap options have poor security, their firmware can’t be updated automatically, and it’s easy to attack them. While high-end routers are more secure, they can also be hacked.

Many people use default passwords on their routers and don’t bother to change them. Perpetrators can crack your password, connect to the router, modify its settings, and infect the whole network with viruses. A single router can support your phone, laptop, smart home system, or even your electricity meter. It gives hackers a wide range of possible attack vectors, and by the time you notice that something’s wrong, it might already be too late.

Router virus examples

VPNFilter is one of the most notorious pieces of router malware. It has infected more than half a million routers and network-attached storage drives in more than 50 countries since 2016. This virus exploited known system vulnerabilities to install malware on affected devices and even steal users’ sensitive information such as passwords and credit card details. VPNFilter is very persistent, as it still can damage your network after a router is rebooted and it takes effort to remove malware from your router.

The attacks can also be conducted the other way around: perpetrators can hack your phone and then infect your router. This is exactly how the Switcher Trojan works. In 2016, hackers created a few fake Android apps that impersonated Baidu (a Chinese search engine) and a Wi-Fi password sharing app. Once they got into the person's phone and managed to connect to a router, they changed the default DNS server address to a malicious one. This caused the victim’s traffic to be redirected so that hackers could see everything they do online.

How to tell if your router is infected

Your computer is running slow. If you noticed that your computer is lagging or even crashing, it’s one of the first signs that you have a virus. Viruses, whether they reside on your router or a hard disk, consume your computing resources, but it’s not always easy to notice the difference.

Unknown programs on your device. Hackers can install all types of software to monitor your activities and steal your credentials. It might even be hard to tell if you have any unwanted visitors. Even a thorough check of your program list may not be enough.

Your DNS server address is changed. If you don’t recognize your DNS server address, there’s a chance that it was changed to one operated by hackers.

You are redirected to websites you didn’t want to visit. Your compromised router can redirect you to fake or unwanted sites. Hackers want you to click on the malicious links on those websites, download malware, and reveal even more sensitive information. They can also set fake sites of popular services, making you believe that you’re communicating with the original ones.

Fake antivirus messages appear. If suspicious messages and pop-ups start to appear out of the blue while you’re browsing, it could be that your router has been infected. A criminal can hack your router and redirect you to fake websites designed to convince you that you have malware. In reality, you might end up paying for a useless antivirus software or even have your credit card details stolen.

You can’t access certain services. A hacker can change your passwords, so they can be in control of your accounts and extract sensitive information. If you’re sure that your credentials are correct, but you can’t login, this might be a sign of an infected system.

How to remove a virus from your router

1. Reset your router to factory settings

   If you’re confident that you have a virus on your router, resetting it to factory settings may delete most malware.

2. Change your passwords

   If your router has been compromised, you need to change all your passwords. Start from your administrator credentials and then move to your accounts. Avoid short passwords such as “kangaroo” or “james200” as hackers can crack them in a snap. Look at no less than 12-character passwords and be sure to use special symbols and numbers along with lower- and uppercase letters.

3. Scan the infected device

   Whether it’s your phone or computer that has been infected through your router, you need to perform a full scan of your system. Use a dedicated antivirus software to search for anything suspicious. Otherwise, a virus can sit silently on your machine and continue doing its dirty job.

4. Update your firmware

   While your router might have the latest firmware version installed, it’s better to check this for yourself. You can download the updates from the manufacturer's website.

5. Secure your router with a VPN

If you’re looking for extra security, configure a VPN for your router. It will mask your IP address and encrypt traffic, thus mitigating the risk of getting attacked again. Not all routers are VPN-compatible, but if they are, you can use a VPN to protect your whole router network with encryption.

Alternatively, a VPN on your device can keep you safe from any snoopers using a router to snoop on your traffic. However you want to use it, a VPN will go a long way towards helping to keep you safe.

Protect your router and enhance your privacy with a VPN.