Researchers at Kaspersky Lab have discovered a new form of malware that targets Wi-Fi routers via Android-based devices.
According to the researchers' detailed report, the new malware, the Switcher Trojan, works by first infecting Android-based devices that people may be using on a public Wi-Fi network.
‘This is the first time that this form of malware is being used to attack routers of public Wi-Fi networks,’ the report says.
The report further adds that the main aim of the malware is to access the administrator features of a router and then change its settings. The malware then hijacks all the traffic on the network and redirects it to a series of fake sites that criminals set up to steal the data of individuals using the network, the report adds.
According to Nikita Buchka, who is one of the researchers who authored the report, this new form of malware is unique because of the manner in which it carries out its ultimate DNS-hijacking goal.
‘It is hard to detect, let alone prevent, a successful Switcher Trojan attack because the new settings that the criminals use on a router can remain active even after you reboot your router,’ he says.
It appears that the efficiency of Switcher Trojan lies in its ability to evade detection and attempts at flushing it out.
What many security researchers are taking a keen interest in is the manner in which the Switcher Trojan probes the DNS settings of a router after gaining access via an Android device. The report indicates that the malware exists in the form of fake Android mobile apps for leading Chinese websites, the most common one being Baidu.
Once the malware gains access to an Android device in the form of a fake app, it immediately starts to probe the DNS settings of any router that the device connects to. The malware relies on a list of known DNS settings to attempt to crack routers of Wi-Fi networks.
Once the malware gains access to a network, it successfully changes the DNS settings of the router and, in effect, hijacks all the traffic, thus exposing users to the risk of losing their credentials to criminals.
So far, security experts are advising people to change the DNS settings of their routers from the default login details as one way to protect themselves from this new form of malware.
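Because the changed DNS settings persist across router reboots, a client on the network can check which resolvers it has been handed and compare them with the ones the network is meant to use. The following is an added example, not code from the Kaspersky report; the function names, the approved resolver list and the sample inputs are constructed assumptions that use documentation address ranges.

```python
import ipaddress

# Assumption: the resolvers this network is supposed to hand out.
# Constructed values from documentation ranges; replace with your own.
APPROVED = [ipaddress.ip_network(n) for n in ("192.0.2.53/32", "2001:db8::53/128")]

# Constructed samples in resolv.conf format (not taken from a real incident).
SAMPLE_OK = "# set by DHCP\nnameserver 192.0.2.53\nnameserver 2001:db8::53\n"
SAMPLE_CHANGED = "nameserver 198.51.100.7\nnameserver 192.0.2.53\nsearch lan\n"


def parse_resolvers(resolv_conf_text):
    """Return the nameserver addresses found in resolv.conf-style text."""
    found = []
    for raw in resolv_conf_text.splitlines():
        # Drop comments introduced by '#' or ';'.
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            addr = parts[1].split("%", 1)[0]  # strip an IPv6 zone id such as %eth0
            try:
                found.append(ipaddress.ip_address(addr))
            except ValueError:
                continue  # skip malformed entries rather than abort the check
    return found


def unexpected_resolvers(resolv_conf_text, approved=APPROVED):
    """List resolvers that fall outside every approved network."""
    return [
        str(addr)
        for addr in parse_resolvers(resolv_conf_text)
        if not any(addr.version == net.version and addr in net for net in approved)
    ]


if __name__ == "__main__":
    for name, text in (("ok", SAMPLE_OK), ("changed", SAMPLE_CHANGED)):
        rogue = unexpected_resolvers(text)
        print(name, "ALERT: unexpected resolvers " + ", ".join(rogue) if rogue else "clean")
```

On hosts that use a local stub resolver, resolv.conf lists the stub address, so pass the function the upstream resolver list instead.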