The rogue software targets many more devices than first thought, too. While a late May report focused on a handful of routers and network storage devices from Linksys, MikroTik, Netgear, QNAP and TP-Link, the vulnerability is now known to affect both more models from those brands as well as ASUS, D-Link, Huawei, Ubiquiti, Upvel and ZTE.
Significantly, VPNFilter isn't just infecting every device it can. Symantec noted that it's "particularly interested" in targets in Ukraine, suggesting that Russia or another politically motivated actor might be involved.
There are ways to minimize or eliminate the threat. MikroTik and Netgear note that newer firmware updates should protect against VPNFilter, and the FBI has seized a domain the malware used for its command and control system. QNAP has a malware removal tool. However, the scale of the threat is more than a little disconcerting, and there are many people and companies that rarely upgrade their firmware. It's possible that a new variant could switch to a new domain and infect more devices with little resistance.