Can a Router Get a Virus? How to Find & Remove Router Malware

Unless we forget our internet password or the neighbors change theirs, we don’t usually think of our routers, much less router malware. There’s a good reason for that: malicious software doesn’t usually target networking devices.

However, when cybercriminals do create a router virus, the damage can be considerable. Routers play an important part in our lives – they direct our internet traffic, and we pair them with all our devices, yet we rarely take the necessary precautions to ensure their safety. It’s a perfect storm.

If you want to protect your router from malware, one of the things you can do is keep a lookout for common router virus symptoms. And should the unspeakable happen, rest assured: there are ways to effectively clean your infected router.

Can a Router Get a Virus?

The short answer is: yes, routers can get viruses. The rule of thumb is that if it has an OS (operating system), there’s a good chance malicious software is already targeting it.

VPNFilter is one of the most infamous examples of router malware. Over a couple of years, this virus spread through an estimated 500,000 devices in over 50 countries. Its scope was varied and ranged from the collection of sensitive information, like website logins, to the orchestration of complex cyberattacks. It even had the ability to make routers completely unusable.

To combat it, Cisco Talos publicly shared detection methods, blocklisted domains, and coordinated their efforts with at least five major router manufacturers, as well as with the Cyber Threat Alliance.

How Does a Router Get a Virus?

Hint: it’s much simpler than you think. The easiest way to infiltrate a network is through the router’s login credentials. Many people don’t change their router’s password from the default one (please tell me you did), while others carelessly rely on weak p4ssw0rds.

According to threat intelligence agencies, cybercriminals also exploit router firmware vulnerabilities. This is how VPNFilter spread, and unlike software that targets login credentials, you can’t exactly do anything to stop it.

Not all routers are the same. Some manufacturers periodically update the firmware on their devices to address known vulnerabilities and even take extra safety precautions. Others… not so much. While a VPN router is slightly more expensive, it also comes with fail-proof protection for your entire network.
NetGear router sold by FlashRouters

Some routers, like the ones available on FlashRouters, are safer than others.

Router Virus Symptoms: How to Tell If Your Router Isn’t Well

Routers do the heavy lifting of connecting us to the internet, and they usually go about their day unnoticed, much like a public transportation system that runs like clockwork. Experiencing Japan’s efficient public transit is actually on my bucket list. Am I weird?

Whenever a router or modem virus finds its way into your network, it will alter your device’s normal behavior. In transit terms, there’s a good chance trains and buses won’t make their schedules. You’ll also see them randomly stop or go back on their routes. Here’s how to tell if your router is infected:

    • Slower-than-usual internet. While many things can slow down your internet speed, this can also be a sign that you need to check your router for malware.
    • Website redirects. Cybercriminals can use the control they have over your router to redirect your internet traffic to compromised sites. The idea is to either get you to input your personal information, or to download and install more complex viruses.
    • Changes in your DNS. By changing your DNS settings, malicious parties can sidetrack all of your traffic through their servers. Unless your traffic is encrypted, these redirects give them unfettered access to all of your online activity.
    • Weird software/addons/toolbars you never installed. It’s not uncommon for viruses to force-install unknown software or bloatware (programs that take up excessive resources) on your devices.
    • Fake antivirus or antimalware pop-ups. Alarming messages that seem to come from trusted sources are another common technique. The goal is usually to get you to buy “improved protection”.
 

If you notice any of the above, I suggest you take a closer look at your router, as well as the devices that use it to connect to the internet. Phew. All this talk of malware is making me uneasy. Best run a speed test to make sure.

Speedtest results

My router seems to be working just fine. I’m gonna give it some well-deserved praise.

My ISP contract is for 1000 Mbps, and a variation of up to 25% is to be expected, so these results are quite good. When you run your own speed test, make sure your bandwidth is not being used by anything traffic-intensive, like 4K streaming.

What Happens If a Router Is Hacked?

Is it really bad if your router gets infected? Well… yes.

The least harmful thing that could happen when your router is hacked is that the person responsible uses it to stream Netflix. That said, hacked routers have also been used to access illegal content (like dark web marketplaces), mine cryptocurrency, orchestrate cyberattacks, and more.

Bitcoin price chart from January 2020 to May 2021

There’s a lot of illegal crypto mining behind those attractive green graphs.

Other common dangers associated with router or modem viruses include harvesting personal data. Unless they take extra precautions, like a good VPN that encrypts their activity, anyone who uses the infected network is exposed and will likely be infected.

For this reason, my advice is to routinely scan your router for malware and take whatever precautions you can. Some of the best security measures don’t cost a penny.

How to Scan a Router for Viruses

First off, you’ll need a good antivirus. Most have an option for scanning your network, while some even include full-featured network inspectors.

If you just want to check your router’s health, a quick network scan on your antivirus might be enough.

Here’s a lesser-known fact: CyberGhost’s all-in-one security suite for Windows has a built-in antivirus you can rely on to keep you safe from viruses and malware.

If you’re seriously worried about router malware, I suggest you perform a full system cleanup with all the fixin’s, including a scan of any network drives, a boot-time scan, and an explorer scan.

Pro tip. To improve your odds of removing viruses or malware, I recommend you first boot your machine in Safe Mode and only then run the most thorough scan available on your antivirus.

You have to be patient. Some of these scans might take a while, and you won’t be able to do much while in Safe Mode. That said, these cleanups are absolutely necessary, because worms, trojans, and other malicious software can reinfect your network if they’re not properly deleted.

How to Remove Router Malware Yourself

What if the router virus scan didn’t work? Don’t worry. Keep calm and read on, because there’s also a more or less manual router virus removal process you can rely on. Antivirus scans are sometimes powerless against firmware vulnerabilities, and a lot of malicious software is built to exploit them.

In these cases, you have to do a factory reset. All modems and routers have a way of resetting the device to factory settings, which will wipe them clean. Before you press any buttons, though, I recommend you check the user manual for more information on the process.

The factory reset was one of the recommended fixes for VPNFilter, and it seems to be highly effective against a good deal of router threats. If you can’t seem to get rid of malware on your local machine, you can “factory reset” your PC as well. It’s a bit more complicated than pressing a button, though.

Protect Your Router Against Malware and Viruses

Here are a couple of simple precautions you can take to protect your router against malware.

  1. Upgrade your password. Strong passwords are the first line of defense against many types of threats, including man-in-the-middle attacks. If you don’t know how to create an unbreakable password, CyberGhost’s Password Manager can help.
  2. Update the firmware. It’s not as common for cheap routers to get firmware updates, but it does happen. Check the manufacturer’s website to see if any patches are available, and follow the instructions to apply them.
  3. Scan the router. Don’t just scan when you notice router virus symptoms. Regular device maintenance is key to keeping threats at bay, and it’s always better to be safe than sorry.
  4. Upgrade the hardware. If you don’t have one already, I recommend upgrading to a router that’s VPN-compatible. If you already have a strong password, installing a VPN on your router is the next best security measure. VPNs encrypt your online activity, and this keeps you protected even when cybercriminals (or other curious third parties) snoop on your traffic.
  5. Check the DNS settings. Lastly, you can always take a quick look at your router’s DNS settings. Unless otherwise configured by your network administrator, the DNS should be set to dynamic, which means your ISP handles everything.
Router DNS settings page

Checking your DNS settings takes less than a minute and costs nothing.
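
An added example (not part of the original article): a small Python check for the DNS change described above. It reads a client's resolver list in resolv.conf format and flags any DNS server that is neither your router nor your ISP. The sample file, the router address 192.168.1.1 and the ISP resolver 198.51.100.10 are constructed assumptions.

```python
import ipaddress

# Constructed sample (assumed router 192.168.1.1, ISP DNS 198.51.100.10):
# a client's /etc/resolv.conf after a foreign DNS server was pushed to it.
SAMPLE_RESOLV_CONF = """\
# Generated by NetworkManager
search home.lan
nameserver 192.168.1.1
nameserver 203.0.113.53   # neither the router nor the ISP
nameserver fe80::1%eth0
nameserver not-an-ip
"""

# Loopback, link-local and private LAN ranges (IPv4 and IPv6).
LAN_NETS = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "169.254.0.0/16", "::1/128", "fe80::/10", "fc00::/7")]

def parse_nameservers(text):
    """Return (valid_addresses, malformed_entries) from resolv.conf text."""
    valid, malformed = [], []
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split()   # drop comments, tokenize
        if len(parts) < 2 or parts[0] != "nameserver":
            continue
        try:
            # Strip an IPv6 zone id such as %eth0 before parsing.
            valid.append(ipaddress.ip_address(parts[1].split("%", 1)[0]))
        except ValueError:
            malformed.append(parts[1])
    return valid, malformed

def audit_resolvers(text, expected):
    """Sort resolvers into expected / local / unexpected / malformed."""
    known = {ipaddress.ip_address(e) for e in expected}
    valid, malformed = parse_nameservers(text)
    report = {"expected": [], "local": [], "unexpected": [], "malformed": malformed}
    for addr in valid:
        if addr in known:
            report["expected"].append(str(addr))
        elif any(addr in net for net in LAN_NETS):
            # On-LAN or stub resolver: confirm it is a device you control.
            report["local"].append(str(addr))
        else:
            # Public resolver you never configured: investigate the router.
            report["unexpected"].append(str(addr))
    return report

if __name__ == "__main__":
    print(audit_resolvers(SAMPLE_RESOLV_CONF, ["192.168.1.1", "198.51.100.10"]))
```

On a Linux client, pass the contents of /etc/resolv.conf and your own known-good addresses. An entry under "unexpected" is a reason to log in to the router and compare its DNS page with the dynamic setting described above.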

Did you ever have to deal with a router virus? What did you do to get rid of it? Let me know in the comments. I took the easy way out and bought a new, better router.

FAQ 

Should I turn my router off at night?

There’s no reason to turn your router off at night. These devices are engineered to stay on at all times, and their power consumption is minimal. Still, I would recommend you power it off if you’re away for extended periods.

In addition, turning your router off and then back on can help with IP address conflicts.

Can viruses slow down my Wi-Fi connection?

Absolutely. Viruses or malware can hog your bandwidth and considerably slow down your Wi-Fi connections. Malicious software can use your bandwidth for illegal crypto mining, information smuggling, attempts to infect other devices, and more.

If you notice your Wi-Fi is slower than usual, it may be time to check your router for malware.

Can too many devices crash a router?

Technically, yes. This is even more likely with low-cost, consumer-grade devices that are often marketed by ISPs as part of promotional offers. Sometimes, connecting as few as 10 devices at the same time can cause IP address conflicts. You can restart the router for a quick fix, but you’ll likely have to do it again in a couple of days.

One of the big downsides with cheap routers, and the reason they crash more often, is subpar firmware. In these cases, the more people use the same access point, the less efficient the router becomes at handling all the connections, no matter how good your bandwidth is.

Can someone hack my Wi-Fi?

Yes, Wi-Fi networks are vulnerable to hackers. While not all hackers are cybercriminals, you may not be keen on anyone accessing your Wi-Fi without permission.

Once a malicious third party has access to your router, they can easily change the DNS settings and reroute your traffic through a compromised infrastructure without you even knowing about it.

What happens if I press reset on my router?

Pressing the reset button on your router will restore the device to its factory settings. Everything on it will be wiped clean, including login credentials, ISP connection settings, and more. You’ll have to reconfigure the device as if you just took it off the shelf.

A router’s reset button is not the same as your computer’s reboot button. If you want to power down your router and turn it back on, you’ll have to use the power button.
