New capabilities uncovered

Initially thought to be a fairly standard botnet, one that would use infected gear to launch cyber attacks on other targets, the malware has since been found by Cisco's Talos Intelligence Group to have additional capabilities, ones which could put the owners of infected routers at greater risk.
In particular, a module called 'ssler' appears to be designed specifically to intercept and tamper with the web traffic passing through an infected router. The module performs a 'man in the middle' attack that tries to downgrade secure HTTPS connections to plain HTTP, so that data which should have been encrypted travels as plaintext instead. That makes sensitive information such as logins and passwords much easier to intercept and capture.
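As an added illustration, not code from the article, from Cisco Talos or from the ssler module itself, the following Python models the generic sslstrip-style downgrade the paragraph describes: the attacker-side rewrite of a constructed HTTPS page, a heuristic check that flags the fingerprints a downgraded page leaves behind, and a minimal model of a browser's HSTS cache, which is what decides whether such a strip actually succeeds. The hostname, headers and page content are constructed for the example.

```python
"""sslstrip-style HTTPS downgrade: attacker rewrite, client-side indicators,
and the HSTS cache that defeats it. Constructed sample data; illustrative only."""
import re
import time

# Constructed response, as the origin server would return it over HTTPS.
ORIGINAL_HEADERS = {
    "Content-Type": "text/html; charset=utf-8",
    "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
    "Content-Security-Policy": "upgrade-insecure-requests",
}
ORIGINAL_BODY = """<html><body>
<a href="https://bank.example/login">Sign in</a>
<form action="https://bank.example/session" method="post">
<input name="user"><input type="password" name="pass">
</form></body></html>"""

HTTPS_URL = re.compile(r"https://", re.IGNORECASE)
PASSWORD_FIELD = re.compile(r"""type=["']?password""", re.IGNORECASE)
HTTP_FORM_ACTION = re.compile(r"""<form\b[^>]*\baction=["']http://""", re.IGNORECASE)


def strip_https(headers, body):
    """Attacker-side rewrite in the sslstrip style. The proxy fetched the page over
    HTTPS itself; before relaying it to the victim over plain HTTP it rewrites every
    https:// link to http:// (so the browser's next request is plaintext) and drops
    the headers that would let the browser refuse or auto-upgrade the connection.
    A real proxy would also recompute Content-Length and strip Accept-Encoding on
    the request side so the body stays rewritable; both are omitted here."""
    dropped = ("strict-transport-security", "content-security-policy")
    new_headers = {k: v for k, v in headers.items() if k.lower() not in dropped}
    new_body = HTTPS_URL.sub("http://", body)
    return new_headers, new_body


def downgrade_indicators(scheme, headers, body):
    """Heuristic check from the client's (or a monitoring proxy's) point of view.
    Returns the reasons a response looks like it has been stripped; an empty list
    means nothing suspicious was seen. scheme is the scheme the browser used."""
    reasons = []
    lower = {k.lower(): v for k, v in headers.items()}
    if scheme == "http":
        if PASSWORD_FIELD.search(body):
            reasons.append("password form delivered over plain HTTP")
        if HTTP_FORM_ACTION.search(body):
            reasons.append("form submits credentials to an http:// action")
    elif "strict-transport-security" not in lower:
        reasons.append("HTTPS response without HSTS leaves later visits strippable")
    return reasons


def parse_hsts_max_age(value):
    """Return the max-age (seconds) from a Strict-Transport-Security value, or None."""
    m = re.search(r"max-age=(\d+)", value, re.IGNORECASE)
    return int(m.group(1)) if m else None


class HstsCache:
    """Minimal model of the browser-side HSTS store. A host the browser has seen
    HSTS for (and whose entry has not expired) is rewritten to https:// before any
    request leaves the machine, so a downgrade proxy never gets a plaintext request
    to tamper with. A host the browser has never visited over HTTPS has no entry,
    which is exactly the window a router-based MITM exploits."""

    def __init__(self, now=time.time):
        self.now = now
        self.expiry = {}

    def observe(self, host, headers):
        lower = {k.lower(): v for k, v in headers.items()}
        value = lower.get("strict-transport-security")
        if value is not None:
            age = parse_hsts_max_age(value)
            if age is not None:
                self.expiry[host] = self.now() + age

    def must_use_https(self, host):
        return host in self.expiry and self.expiry[host] > self.now()


if __name__ == "__main__":
    stripped_headers, stripped_body = strip_https(ORIGINAL_HEADERS, ORIGINAL_BODY)
    print("clean page over https:", downgrade_indicators("https", ORIGINAL_HEADERS, ORIGINAL_BODY))
    print("stripped page over http:", downgrade_indicators("http", stripped_headers, stripped_body))
    cache = HstsCache()
    cache.observe("bank.example", stripped_headers)   # first visit already stripped
    print("HSTS protects after stripped first visit:", cache.must_use_https("bank.example"))
    cache.observe("bank.example", ORIGINAL_HEADERS)   # a clean HTTPS visit
    print("HSTS protects after clean visit:", cache.must_use_https("bank.example"))
```

The two `observe` calls show the practical caveat: the strip only works against a browser that has never stored an HSTS entry for the site, so the first visit to a site through a compromised router is the dangerous one, and sites on the browser's HSTS preload list are not affected at all.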
Cisco has not revealed a total for how many additional devices it now believes could be infected, but has said that, despite its earlier advice that users reboot at-risk devices, the malware still persists in the wild and that the threat "continues to grow".
Cisco has provided an updated list of devices that could be affected; if you own one of the devices below, you are strongly advised to reboot it: