Hi, PearTrend viewers, good morning to you all. Security researchers have uncovered a new Android malware targeting your devices, but this time, instead of attacking the device directly, the malware takes control of the WiFi router your device is connected to and then hijacks the web traffic passing through it.

Dubbed “Switcher,” the new Android malware, discovered by researchers at Kaspersky Lab, hacks wireless routers and changes their DNS settings to redirect traffic to malicious websites.

Over a week ago, Proofpoint researchers discovered a similar attack targeting PCs, but instead of infecting the target’s machines, the Stegano exploit kit takes control of the local WiFi routers the infected device is connected to.

Switcher Malware Carries Out Brute-Force Attack Against Routers
Hackers are currently distributing the Switcher trojan by disguising it as an Android app for the Chinese search engine Baidu (com.baidu.com), and as a Chinese app for sharing public and private Wi-Fi network details (com.snda.wifilocating).

Once a victim installs one of these malicious apps, the Switcher malware attempts to log in to the WiFi router the victim’s Android device is connected to by carrying out a brute-force attack on the router’s admin web interface with a predefined dictionary (list) of usernames and passwords.

“With the help of JavaScript [Switcher] tries to login using different combinations of logins and passwords,” mobile security expert Nikita Buchka of Kaspersky Lab says in a blog post published today.
“Judging by the hard coded names of input fields and the structures of the HTML documents that the trojan tries to access, the JavaScript code used will work only on web interfaces of TP-LINK Wi-Fi routers.”

Switcher Malware Infects Routers via DNS Hijacking
Once it has accessed the web administration interface, the Switcher trojan replaces the router’s primary and secondary DNS servers with IP addresses pointing to malicious DNS servers controlled by the attackers.

Researchers said Switcher had used three different IP addresses – 101.200.147.153, 112.33.13.11 and 120.76.249.59 – as the primary DNS record: one is the default, while the other two are set for specific internet service providers.

Because of the change in the router’s DNS settings, all the traffic gets redirected to malicious websites hosted on the attackers’ own servers instead of the legitimate sites the victim is trying to access.

“The Trojan targets the entire network, exposing all its users, whether individuals or businesses, to a wide range of attacks – from phishing to secondary infection,” the post reads.
“A successful attack can be hard to detect and even harder to shift: the new settings can survive a router reboot, and even if the rogue DNS is disabled, the secondary DNS server is on hand to carry on.”

Researchers were able to access the attacker’s command and control servers and found that the Switcher Trojan has compromised almost 1,300 routers, mainly in China, and hijacked traffic within those networks.
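A defender-side check for the DNS change described above, as an added example that is not part of the original post or of Kaspersky's research: it audits resolver settings written in resolv.conf format against the three addresses the article quotes and against an allowlist. The allowlist values, the sample inputs and the function names are assumptions made for illustration.

```python
import ipaddress
import re

# Rogue DNS server addresses quoted in the article above.
SWITCHER_DNS = {"101.200.147.153", "112.33.13.11", "120.76.249.59"}
# Assumption: the resolvers this network is supposed to use (hypothetical).
EXPECTED_DNS = {"192.168.1.1", "9.9.9.9"}

# Constructed samples, not captured from a real device.
SAMPLE_HIJACKED = """\
# primary is one of the article's addresses, secondary is unknown
nameserver 101.200.147.153
nameserver 8.8.4.4 ; not on the allowlist
nameserver not-an-ip
"""
SAMPLE_CLEAN = "nameserver 192.168.1.1\nnameserver 9.9.9.9\n"

_NS_LINE = re.compile(r"^\s*nameserver\s+(\S+)", re.IGNORECASE)


def parse_nameservers(resolv_text):
    """Return the nameserver IPs, in order, from resolv.conf-style text."""
    servers = []
    for line in resolv_text.splitlines():
        line = re.split(r"[#;]", line, maxsplit=1)[0]  # strip comments
        match = _NS_LINE.match(line)
        if not match:
            continue
        try:
            servers.append(str(ipaddress.ip_address(match.group(1))))
        except ValueError:
            continue  # skip malformed entries rather than abort the audit
    return servers


def audit_dns(resolv_text, expected=EXPECTED_DNS):
    """Check every resolver, not only the first: a leftover secondary still redirects."""
    findings = []
    for position, ip in enumerate(parse_nameservers(resolv_text)):
        role = "primary" if position == 0 else "secondary"
        if ip in SWITCHER_DNS:
            findings.append((role, ip, "known-rogue"))
        elif ip not in expected:
            findings.append((role, ip, "unexpected"))
    return findings


if __name__ == "__main__":
    for role, ip, verdict in audit_dns(SAMPLE_HIJACKED):
        print(f"{role:9} {ip:16} {verdict}")
```

Replace `EXPECTED_DNS` with the resolvers your network should hand out, and feed the function the settings shown on the router's status page or received by a client on the network.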

The Bottom Line
Android users should download applications only from Google’s official Play Store.

While downloading apps from third parties does not always end up with malware or viruses, it certainly ups the risk. So, sticking to the official store is the best way to avoid any malware compromising your device and the networks it accesses.

You can also go to Settings > Security and make sure the “Unknown sources” option is turned off.

Moreover, Android users should also change their router’s default login and password so that nasty malware like Switcher or Mirai cannot compromise their routers using a brute-force attack.

Thanks for visiting PearTrend. I hope you find this post useful; please do comment below.

