Malware Based on JavaScript Attacks DNS Settings of Your Router

Trend Micro, a security firm, has revealed attack on the home routers which involves mobile website, malicious JavaScript, as well as mobile device like a smartphone. These types of attacks are happening after December 2015, and till now focuses on Japan, Taiwan and China. With United States being the fourth on attack list, hence be prepared for that.

This new threat, namely JS_JITON, was first found in attacks toward December 2015-end, and hit its peak during February 2016 with more than 1,500 infections on daily basis. Meanwhile, it is still continuing infecting the devices till this day.

As per report, a mobile website that is compromised may contain JavaScript, which then downloaded another JavaScript with DNS changing routines to the visiting mobile device. Despite the fact that the JavaScript could be downloaded on computer, the infection relies on the medium of the user - for instance, JS-JITONDNS merely infects the mobile devices causing DNS changing routine, while the JITON infection is activated only when the user have a ZTE modem.

Softpedia.com posted on April 11th, 2016, stating that more than 1,400 credentials have been included, and as soon as the malware validates on the device, it changes the DNS settings of the router.

As per the report, cybercriminals responsible for the event uses (an) elusive process for going off the radar as well as continuing the attack not creating any doubt from the affected users. This type of tactics involves regular updation of JavaScript codes for fixing errors as well as regularly changing the targeted home routers. The report also states that "the compromised websites are difficult to pinpoint due to the lack of any suspicious behavior".

This decision is also endorsed by the truth that attackers on a regular basis update the source code of JS_JITON changing minute details every time, and thus improving their attacks. Moreover, JS_JITON source code additionally included a component of keylogging at one point.

Researchers noticed that JS_JITON can attack TP-Link and D-Link routers; however it also contain a unique exploit to get benefit of CVE-2014-2321, which is an older vulnerability in ZTE modems.

Hackers can do all types of things with compromised routers including creating a botnet and programming specific DNS settings, which send naive victims to malicious websites.

» SPAMfighter News - 4/19/2016