How can a router get a virus?
Many people use default passwords on their routers and don’t bother changing them, so hackers can easily crack these passwords and, under the right circumstances, modify the router’s settings and infect the whole network with viruses. A single router can support your phone, laptop, smart home system, or even your electricity meter. It gives hackers a wide range of possible attack vectors, and by the time you notice that something’s wrong, it might already be too late.
You can buy a router for anything from $20 to several hundred dollars. Cheap options might have poorer security, their firmware can’t be updated automatically, and they’re easier to attack. While high-end routers are more secure, they can also be hacked and infected with viruses.
Router virus examples
VPNFilter is one of the most notorious pieces of router malware. It has infected more than half a million routers and network-attached storage drives in more than 50 countries since 2016. This virus exploited known system vulnerabilities to install malware on affected devices and even steal users’ sensitive information such as passwords and credit card details. VPNFilter is very persistent because it still can damage your network after a router is rebooted. It takes a lot of effort to remove this malware from your router.
The attacks can also be conducted the other way around: perpetrators can hack your phone and then infect your router. This is exactly how the Switcher Trojan works. In 2016, hackers created a few fake Android apps that impersonated Baidu (a Chinese search engine) and a Wi-Fi password sharing app. Once they got into the person’s phone and managed to connect to a router, they changed the default DNS server address to a malicious one. This caused the user’s traffic to be redirected so that hackers could see everything they do online.
Router virus symptoms
Common router virus symptoms range from seemingly innocent to downright disturbing ones. Check the list to see if you have encountered any of them:
- Slow internet speed. Malware or compromised router firmware can affect router performance and bring down internet speed.
- Slow computer. If you notice that your computer is lagging or even crashing, it’s one of the first signs that you have a virus. Viruses can spread to other devices and as soon as you notice the symptoms (crashing and slowing down) on a computer or device, it would be wise to check the router, too.
- Browser redirects. Your compromised router can redirect you to fake or unwanted sites. Hackers want you to click on the malicious links on those websites, download malware, and reveal even more sensitive information. They can also set up fake sites of popular services, making you believe that you’re communicating with the original ones.
- A different DNS server address. If you don’t recognize your DNS server address, there’s a chance that it was changed to one operated by hackers.
- Unfamiliar software on your device. Hackers can install all types of software to monitor your activities and steal your credentials.
- Fake antivirus notifications and pop-ups. If suspicious messages and pop-ups start to appear out of the blue while you’re browsing, it could be that your router has been infected. A criminal can hack your router and redirect you to fake websites designed to convince you that you have malware. In reality, you might end up paying for a useless antivirus software or even have your credit card details stolen.
- Your passwords no longer work. A hacker can change your passwords, so they can be in control of your accounts and extract sensitive information. If you’re sure that your credentials are correct, but you can’t log in, this might be a sign of an infected system.
How can you check if your router has been hacked?
If you’ve noticed any of the router virus symptoms, do a thorough check to be sure if this is actually a virus you’re dealing with or poor configuration. The easiest way to check if your router has been hacked is to log in to your router’s administrator interface using your router’s IP and login credentials and see the list of connected devices. Look for any unfamiliar devices that should not be on your network. If you find any unfamiliar devices, disconnect them from your network.
You should also check your router’s login history to see if there were any login attempts from unknown IP addresses. Network monitoring tools are also helpful in keeping an eye on network traffic for unusual or suspicious activity. You should also check your DNS settings because malware often alters these settings for malicious purposes.
Check DNS settings
Review your router’s DNS server address regularly to ensure it matches the DNS servers provided by your internet service provider (ISP) or a reliable DNS service, for example, Google DNS. Malware often alters DNS (domain name system) settings for malicious purposes. So check your DNS settings to make sure you have not been affected by the following attacks:
- DNS hijacking. Malware might change your router’s DNS settings to redirect your network traffic through malicious servers. This way you can be directed to websites for phishing attacks and end up being monitored or having your personal information stolen.
- Man-in-the-middle attacks. Threat actors might set up a rogue DNS server for monitoring and intercepting your web traffic.
- DNS filtering. Some malware uses DNS settings to bypass content filtering and parental control mechanisms set up on your router, allowing access to harmful content.
If your DNS settings have been compromised, follow the steps below to remove a virus from your router.
How to remove a virus from your router
- Reset your router to factory settings. If you’re confident that you have a virus on your router, resetting it to factory settings may delete most malware.
- Change your passwords. If your router has been compromised, you need to change all your passwords. Start from your administrator credentials and then move to your accounts. Avoid short passwords such as “kangaroo” or “james200” because hackers can crack them in a snap. Use 8-12 character-long passwords and be sure to use special characters and numbers along with lower- and uppercase letters.
- Scan the infected device. Whether it’s your phone or computer that has been infected through your router, you need to perform a full scan of your system. Use a dedicated antivirus software to search for anything suspicious. Otherwise, a virus can sit silently on your machine and continue doing its job.
- Update your firmware. While your router might have the latest firmware version installed, it’s better to check this for yourself. You can download the updates from the manufacturer’s website.
How to protect your router from malware
You can protect your router from malware by changing the default login username and password with unique and robust ones. You can also change your Wi-Fi SSID and password to secure your home Wi-Fi network. And make sure to update your router firmware regularly to patch up potential vulnerabilities that hackers could exploit. And if you are planning on getting a new router, check out our post on the most secure routers to serve your needs.
If you’re looking for extra security, configure a VPN for your router. It will mask your IP address and encrypt traffic, thus mitigating the risk of getting attacked again. Not all routers are VPN-compatible, but if they are, you can use a VPN to protect your whole router network with encryption. Alternatively, a VPN on your device can keep you safe from any snoopers using a router to track your traffic.
VPNs offer additional malware protection tools like the Threat Protection feature by NordVPN. It warns you about malware before you download an infected file and protects your devices from the latest threats. A reliable VPN with additional security features will go a long way towards helping to keep you, your router, and internet traffic safe.