Kaspersky Lab has said that a new Android Trojan known as Switcher can infiltrate Wi-Fi networks by reconfiguring the router so that name lookups go to rogue DNS servers, exposing every user of the network to phishing attacks.
According to Nikita Buchka, who analyses new malware at Kaspersky Lab, the group operating the Trojan has so far compromised more than 1,200 Wi-Fi networks. He says the malware is known to work against TP-Link routers; it is not clear whether Switcher poses a danger to other makes of router.
‘Apparently, the group forgot to protect their servers from the public, and we were able to examine their activities,’ he added.
Kaspersky Lab has detailed the nature and mode of operation of the malware. Switcher runs on Android phones and tablets. It is currently spreading among Chinese users disguised as one of the most common apps in the country, the Android client for Baidu. Once installed on an Android device, it begins probing the Wi-Fi network the device is connected to.
According to Kaspersky Lab, the purpose of the probing is to gain administrator access to the router. To do so, the malware automatically tries a built-in list of default administrator usernames and passwords used on common TP-Link routers, in effect a default-credential brute-force against the router's administrative interface. The malware also takes instructions from its command-and-control server on whether or not to attack a particular router.
So far, all evidence indicates that once Switcher gains access to a TP-Link router, it immediately changes the router's DNS settings. Because every device on the Wi-Fi network receives its DNS configuration from the router (via DHCP), their name lookups are silently redirected to DNS servers the criminals fully control, which can answer with the addresses of fake servers instead of the real ones.
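The practical question for anyone on such a network is how to tell that the router's DNS has been tampered with. The script below is an added example for this page, not code from Kaspersky Lab or from the Switcher report. It runs three checks a practitioner would want: whether the resolvers the router handed out are ones you recognise, whether sensitive domains resolve differently from an independent resolver, and whether one address is answering for many unrelated names (a rogue resolver typically funnels every targeted site to a single phishing host). The resolver allowlist, domain names, addresses and the resolv.conf text are constructed sample data so the script runs offline; the assumption that the attacker keeps a legitimate resolver as fallback is this example's, not the page's.

```python
"""Detect the router-level DNS hijack described above.

Added example, not code from Kaspersky Lab or the Switcher report.
Switcher's payload is a changed DNS setting on the router; clients inherit
it via DHCP, so a compromise shows up on every device as (a) an unfamiliar
resolver address and (b) sensitive domains resolving to an address the
attacker controls. All inputs below are constructed sample data.
"""
import ipaddress
from typing import Dict, Iterable, List, Set, Tuple

# Hypothetical allowlist: the router's own LAN address and the public
# resolvers this network is configured to use. Adjust to your environment.
EXPECTED_RESOLVERS: Set[str] = {"192.168.0.1", "1.1.1.1", "8.8.8.8"}

# Constructed sample of what a client might receive from a hijacked router.
# The rogue resolver comes first; a legitimate one is left as fallback so
# resolution keeps working and the victim notices nothing (assumed here).
SAMPLE_RESOLV_CONF = """# Generated by DHCP (constructed sample)
nameserver 203.0.113.66
nameserver 8.8.8.8
search lan
"""

# Constructed answers for the same names from the local (hijacked) resolver
# and from an independent resolver reached without going through the router.
LOCAL_ANSWERS: Dict[str, Set[str]] = {
    "bank.example": {"203.0.113.80"},
    "mail.example": {"203.0.113.80"},
    "shop.example": {"203.0.113.80"},
    "cdn.example": {"198.51.100.7", "198.51.100.8"},
}
TRUSTED_ANSWERS: Dict[str, Set[str]] = {
    "bank.example": {"192.0.2.10"},
    "mail.example": {"192.0.2.20"},
    "shop.example": {"192.0.2.30"},
    "cdn.example": {"198.51.100.8", "198.51.100.9"},  # geo-DNS: partial overlap is normal
}


def parse_resolv_conf(text: str) -> List[str]:
    """Return the nameserver addresses from resolv.conf-style text, in order."""
    servers: List[str] = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments
        parts = line.split()
        if len(parts) == 2 and parts[0] == "nameserver":
            try:
                ipaddress.ip_address(parts[1])
            except ValueError:
                continue  # malformed entry: ignore rather than crash
            servers.append(parts[1])
    return servers


def unexpected_resolvers(resolvers: Iterable[str],
                         expected: Set[str] = EXPECTED_RESOLVERS) -> List[str]:
    """Check 1: resolvers handed out by the router that are not on the allowlist."""
    return [ip for ip in resolvers if ip not in expected]


def divergent_answers(local: Dict[str, Set[str]],
                      trusted: Dict[str, Set[str]]) -> Dict[str, Tuple[Set[str], Set[str]]]:
    """Check 2: names whose local answers share no address with the trusted answers.

    Requiring an empty intersection rather than exact equality avoids flagging
    CDN and geo-DNS names that legitimately return rotating addresses.
    """
    findings: Dict[str, Tuple[Set[str], Set[str]]] = {}
    for name, trusted_ips in trusted.items():
        local_ips = local.get(name, set())
        if not local_ips & trusted_ips:
            findings[name] = (local_ips, trusted_ips)
    return findings


def shared_answer_ips(local: Dict[str, Set[str]], min_domains: int = 3) -> Dict[str, List[str]]:
    """Check 3: a single address answering for several unrelated names.

    Works without a trusted reference: unrelated sites should not all
    resolve to the same host.
    """
    by_ip: Dict[str, List[str]] = {}
    for name, ips in local.items():
        for ip in ips:
            by_ip.setdefault(ip, []).append(name)
    return {ip: sorted(names) for ip, names in by_ip.items() if len(names) >= min_domains}


def audit(resolv_text: str, local: Dict[str, Set[str]],
          trusted: Dict[str, Set[str]]) -> Dict[str, object]:
    """Run all three checks and return the findings as one report."""
    return {
        "unexpected_resolvers": unexpected_resolvers(parse_resolv_conf(resolv_text)),
        "divergent_answers": divergent_answers(local, trusted),
        "shared_answer_ips": shared_answer_ips(local),
    }


if __name__ == "__main__":
    for check, result in audit(SAMPLE_RESOLV_CONF, LOCAL_ANSWERS, TRUSTED_ANSWERS).items():
        print(f"{check}: {result if result else 'clean'}")
```

On a real host, feed in the contents of /etc/resolv.conf (or the DNS entries from `ipconfig /all` on Windows) and build the two answer dictionaries with `dig @<resolver>` or `nslookup`; the trusted answers should come from a resolver reached over a path the router cannot influence, such as a mobile connection or an encrypted DNS (DoH/DoT) client. Check 2 is noisy for CDN-hosted names; check 3 is the most robust signal of a rogue resolver, and check 1 catches the hijack directly when the rogue address is public rather than the router's own.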
Kaspersky Lab emphasises the danger this poses to users of TP-Link routers. Once users are being steered to servers the criminals control, stealing personal information is straightforward: the criminals set up fake versions of websites at those addresses and harvest the login credentials users type into them for their various accounts, exposing individuals to account takeover and fraud.