Published On: Wed, Dec 28th, 2016

Android Malware Now Infects Wireless Routers to Hijack Network Traffic

Finding a new Android malware is no longer a surprise, and mostly doesn’t even make it to the headlines. However, researchers at Kaspersky Lab have come across a new Android trojan that they are calling “quite unique.”

This latest Android trojan, dubbed “Switcher”, doesn’t attack the user but the WiFi router the user is connected to. Switcher hacks wireless routers and changes their DNS settings to route traffic to malicious websites. Clever, right? Here’s how it works.

Android trojan uses DNS hijacking to infect routers

The malware has been disguised as an Android client for the Chinese search engine Baidu and as a Chinese app used for locating and sharing WiFi login information. Once users install either of these apps, the malware attempts to launch brute-force attacks to guess the router password.

Known as DNS hijacking, Switcher performs this brute-force password-guessing attack against the router’s admin web interface. If it succeeds, the malware then changes the addresses of the DNS servers in the router’s settings, rerouting all DNS queries from the connected devices to the attackers’ servers.

“With the help of JavaScript it tries to login using different combinations of logins and passwords. Judging by the hardcoded names of input fields and the structures of the HTML documents that the trojan tries to access, the JavaScript code used will work only on web interfaces of TP-LINK Wi-Fi routers,” Nikita Buchka of Kaspersky Lab said in a blog post.

This brute-force attack is launched with a predefined dictionary of username and password combinations, including admin:admin, admin:123456, admin:1111111, admin:00000000, etc. If the interface is accessed, the Android trojan then replaces the device’s primary and secondary DNS servers with IP addresses that point to rogue servers.

The DNS (Domain Name System) is used for resolving human-readable names (e.g. into an IP address. When attacked, the router will communicate “with a totally different network resource. This could be a fake, saving all your search requests and sending them to the cybercriminals, or it could just be a random website with a bunch of pop-up ads or malware.” The following images show the differences in how these queries are processed.

“Unfortunately, the most common configuration for Wi-Fi routers involves making the DNS settings of the devices connected to it the same as its own, thus forcing all devices in the network to use the same rogue DNS,” Buchka warned. “The Trojan targets the entire network, exposing all its users, whether individuals or businesses, to a wide range of attacks – from phishing to secondary infection.”
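As an added example (not code from the article or from Kaspersky’s write-up), the Python below sketches two defender-side checks for the behaviour described above: spotting a dictionary attack against the router’s admin login in its access log, and flagging DHCP-advertised DNS servers that are neither the router itself nor a known-good resolver. The log format, paths and IP addresses are constructed for this example and are not any vendor’s.

```python
import ipaddress
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed router access-log sample (hypothetical format, not any vendor's):
# "<ISO timestamp> <client IP> <method> <path> <HTTP status>".
ROUTER_LOG = """\
2016-12-28T10:00:01 192.168.0.23 POST /login 401
2016-12-28T10:00:02 192.168.0.23 POST /login 401
2016-12-28T10:00:02 192.168.0.23 POST /login 401
2016-12-28T10:00:03 192.168.0.23 POST /login 401
2016-12-28T10:00:03 192.168.0.23 POST /login 401
2016-12-28T10:00:04 192.168.0.23 POST /login 200
2016-12-28T10:00:09 192.168.0.23 POST /dns_settings 200
2016-12-28T10:15:00 192.168.0.40 POST /login 401
2016-12-28T10:20:00 192.168.0.40 POST /login 200
"""
LOG_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\d{3})$")


def brute_force_clients(log, threshold=5, window=timedelta(seconds=60)):
    """Return LAN clients with >= threshold failed admin logins (HTTP 401)
    inside any sliding window: the trace a dictionary attack like Switcher's
    leaves on the router's web interface."""
    failures = defaultdict(list)
    for line in log.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that do not match the constructed format
        ts, client, _method, path, status = m.groups()
        if path == "/login" and status == "401":
            failures[client].append(datetime.fromisoformat(ts))
    flagged = set()
    for client, times in failures.items():
        times.sort()
        for i in range(len(times) - threshold + 1):
            if times[i + threshold - 1] - times[i] <= window:
                flagged.add(client)
                break
    return sorted(flagged)


def rogue_dns_servers(dhcp_dns, router_lan_ip, trusted_resolvers):
    """Return DHCP-advertised DNS servers that are neither the router itself
    nor a trusted resolver: the post-hijack state the article describes."""
    allowed = {ipaddress.ip_address(router_lan_ip)}
    allowed |= {ipaddress.ip_address(r) for r in trusted_resolvers}
    return [s for s in dhcp_dns if ipaddress.ip_address(s) not in allowed]
```

Run the log check periodically against the router’s own access log and the DNS check against what a client actually receives in its DHCP lease; a resolver outside the LAN that you did not configure is the signal to inspect the router’s settings.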

