Hackers infecting routers with Covid-19 malware
And while the whole world is fighting against the COVID-19 virus, a new threat appeared on the internet carrying its name.
This new type of attack involves several stages that start by taking control of home and small business Linksys and D-link routers using a brute force attack.
Once attackers gain control over the router they can change the default DNS server. The new DNS server will work normally for most of the web addresses, but for some designates sites, the victims will be redirected to a bogus site.
The bogus site will look completely normal, but unlike the real site, it will additionally offer a pop-up window that will ask permission to install an app from the World Health Organization which gives the latest information about the COVID-19 virus.
Domains that are included in this campaign include aws.amazon.com, goo.gl, bit.ly, washington.edu, imageshack.us; ufl.edu, disney.com; cox.net, xhamster.com, pubads.g.doubleclick.net, tidd.ly, redditblog.com, fiddler2.com, winimage.com.
Of course, this COVID-19 app actually is a malware that once installed can gather private information like login data and send it back to attackers.
To stay protected, users are advised to disable remote access to their routers from the Internet. If this feature is really needed, users are advised to use complex passwords that should help against brute force attacks. Along with this, it is also recommended to keep the router software/firmware up to date.