D-Link and Linksys routers hacked to point users to coronavirus-themed malware
(Source: zdnet.com)

clicks | 4 days ago | comments: discuss | tags: cryptocurrency


Article preview (bot search)

(Original link: zdnet.com)

Image via Bitdefender HOW TO How to lock down an insecure wireless network router
Your home router is vulnerable to attacks as soon as you take it out of the box.
Read More
For almost a week, a group of hackers has been breaking into people's routers and changing DNS settings in order to point unsuspecting device users to coronavirus -related sites pushing malware.
The attacks have currently targeted D-Link and Linksys routers, according to reports from cyber-security firm Bitdefender and tech support forum and news site Bleeping Computer .
According to Bitdefender, hackers are using brute-force attacks to guess the admin password of targeted routers. Once they guess a password and get in, hackers change the router's default DNS server settings, pointing the device to their own servers.
This means that every DNS query made by users connected to a hijacked router goes through the hackers' DNS servers, giving the attackers full control over what sites a user accesses.
Per reports, when users attempt to access a list of particular domains, hackers have been redirecting users to a custom site urging users to install a coronavirus (COVID-19) information app.
Both Bitdefender and Bleeping Computer said this app installs a version of the Oski trojan . Oski is a recent infostealer trojan sold on Russian-speaking dark web forums. The trojan's primary function is to steal account credentials from browsers and cryptowallet files to hijack cryptocurrency accounts.
Per Bitdefender, users have reported being redirected to the malicious coronavirus-themed site when they tried to access one of the following domains:
aws.amazon.com
goo.gl
bit.ly
washington.edu
imageshack.us
ufl.edu
disney.com
cox.net
xhamster.com
pubads.g.doubleclick.net
tidd.ly
redditblog.com
fiddler2.com
winimage.com
The malicious DNS servers used by hackers are 109.234.35.230 and 94.103.82.249 . If ZDNet readers use a D-Link or Linksys router they should connect to the device's admin panel and check if these two IP addresses appear in the DNS settings section.
If they do, users should remove the DNS server IP addresses and change the router's admin panel password.
This campaign first began on March 18 and is currently ongoing. D-Link and Linksys owners should be on the lookout for any unprompted requests to download and install coronavirus-related apps -- a common malware lure these days, for both common cybercriminals and state-sponsored groups alike.
The Mac malware most likely to attack your... SEE FULL GALLERY 1 - 5 of 8 NEXT PREV Coronavirus Updates Latest News from the CDC Critical IT policies and tools every business needs (TechRepublic) Why VPN security is now paramount Online learning gets its moment Roundup: Cyber-security during the pandemic Remote support essentials: Keep friends and family connected Tableau makes Johns Hopkins data widely available IBM, White House to provide supercomputing power Free tools and services for businesses They want to use your location data to fight pandemic Cleaning your phone and keyboard? Seven more things you should be disinfecting 64 expert tips for working from home 8 tips for managing telecommuters Dashboard delivers real-time view of virus...