Android – Infecting Trojan Malware to Attack Router Via Phone

Zdnet.com posted on 3rd January, 2017 stating that a new type of malware called Android Trojan can attack routers which controls the wireless networks of its victims making them more vulnerable to more cyberattacks, data theft and fraud.

The malware known as 'Switcher Trojan' uses innocent users of Android device in a way
which redirects all traffic from devices connected to Wi-Fi on the network into the hands of cyber attacker.

This kind attack involving DNS-hijacking permits the criminals scrutinize all passage on
the affected network providing them with huge bunch of information which can be used to conduct malicious or cybercriminal activities.

This server fools the devices in communicating with websites controlled by attackers; making users vulnerable to either phishing or more malware-based attacks.

As per the figures on C &C servers of cybercriminals - apparently exposed to accident - 1,280 Wi-Fi networks have been invaded with the help of Switcher Trojan making all users of the networks vulnerable to hackers and cyber criminals. The bad news is that despite the attack being detected, it can be hard to remove the infection because of backup servers.

The tactics in action are same as those employed by a DNS Changer variant detected by security researchers at Proofpoint last month. That malicious spread through JavaScript code in malicious ads, where as Switcher uses a different mode of attack.

The infection is distributed by users by downloading one of the two versions of Android Trojan from a website created by the attackers. The first version masked as an Android client of the Chinese search engine known as Baidu and the other one is a forged variant of a popular Chinese app to share information about Wi-Fi networks.

Nikita Buchka, researcher with Kaspersky Lab cybersecurity, said: "It is hard to detect a successful attack and even harder to shift: the new settings can survive a router reboot and even if the rogue DNS is disabled, the secondary DNS server is on hand to carry on."

One main method is to avoid being victim of this type of attack is to modify the default login and password of the network router.

» SPAMfighter News - 1/10/2017