More than half a million routers and network devices in 54 countries have been infected with sophisticated malware, researchers from Cisco's Talos Intelligence Group warn.

The malware, which the security researchers are calling VPNFilter, contains a killswitch for routers, can steal logins and passwords and can monitor industrial control systems.
Talos researchers are still looking into how the malware infects routers but said that routers from Linksys, MikroTik, Netgear and TP-Link are affected.

Netgear said it's aware of VPNFilter and advises its users to update their routers.

"Netgear is investigating and will update this advisory as more information becomes available," a spokesman said in an emailed statement.

The other three network companies didn't respond to a request for comment.
"It has destructive capability. The malware's flexible command structure gives the adversary the ability to use it to 'brick' these devices. That's not a capability usually built into malware like this," Cyber Threat Alliance President Michael Daniel said.

Talos is recommending that people reset their routers to factory defaults to remove the potentially destructive malware and update their devices as soon as possible.
US takes aim at Russian hackers who infected over 500,000 routers - CNET