Can malware infect a router and spread to other devices connected to it?

networking wireless-networking virus malware router

Suppose my computer gets malware. I can deal with it by reinstalling the OS with an installation usb from a different pc but is it possible for the malware to infect the wifi router and then spread to other devices connected to it? Or even reinstall the malware via the router?

Should I worry about this and take steps to clean the router even if I have no signs of such a router malware or should I wait and see if the malware spreads via the router?

Threat model: Regular computer user.

Comment: I know I made a similar post here but it's worded like I manage a network or something. I marked it for deletion.


Routers have been infected and are vulnerable to exploits, especially routers with older versions of Linux that contain known vulnerabilities.

The router contains an operating system (OS), so is vulnerable to malware, such as VPNFilter and Switcher Trojan. It's also vulnerable when weak passwords are used, or when protected by a PIN which is far easier to crack than a password.

While many routers use a Linux-based OS, some manufacturers create their own. The 2018 cryptomining attack targeting MikroTik routers is a notorious example of malicious scripts targeting specific router operating systems.

should I wait and see if the malware spreads via the router?

When you suspect an infection, you should never wait. The more you wait, the more the infection will spread, until it becomes impossible to eradicate.

A router is easily cleaned out, by simply doing a factory reset. The factory firmware is digitally signed, so is almost impossible to corrupt. The factory reset will return it to a pristine condition.

Even a simple reset of the router can eradicate most known viruses, as they mostly infect the memory-resident and post-reset firmware. Resetting the router from time to time is good practice.

As precaution, you should always update your router with the latest firmware, and also regard old routers with no updates coming for several years with great mistrust.


Routers (the ones I use) have firmware. Firmware is updated by the router vendor with specific signatures in the update tool. This assuming the firmware is the vendor firmware and not altered (which changes things)

Most unlikely (98% or more) that a standard and good router will not / cannot be infected.

Nothing to clean out.

Related

Why are lists used infrequently in Go?
GDB: break if variable equal value
How does one test async code using MSTest
Store output of sed into a variable [duplicate]
I can't delete a remote master branch on git
Concat 2 fields in JSON using jq
Where is NuGet.Config file located in Visual Studio project?
Node.js console.log() not logging anything
Create mutable List from array?
How can I save svg code as a .svg image? [closed]
How to use API Routes in Laravel 5.3
Multiple Inheritance in PHP