Crooks continue to launch Coronavirus-themed attacks, experts observed hackers hijacking D-Link and Linksys routers to redirect users to COVID19-themed sites spreading malware.
“For the past five days, people have been reporting their web browser would open on its own and display a message prompting them to download a ‘COVID-19 Inform App’ that was allegedly from the World Health Organization (WHO).” reported BleepingComputer.
“After further research, it was determined that these alerts were being caused by an attack that changed the DNS servers configured on their home D-Link or Linksys routers to use DNS servers operated by the attackers.”
Experts believe hackers are launching brute-force attacks against the routers, then they change the default DNS server settings to point the device to servers under their control.
“As in the screenshot below, whenever victims wanted to visit one of the targeted domains listed above, attackers would simply display a message as if prompted by the legitimate domain.” reads the analysis published by BitDefender. “Since the domain name displayed in the browser’s address bar is unchanged, victims would have no reason to believe that the viewed message is being served from an attacker-controlled IP address.”
Both Bitdefender and Bleeping Computer confirmed that the app proposed to the
The malware is able to steal account credentials from browsers and
Below the list, published by Bitdefender, of some domains targeted in this attack:
Victims of this attack should restore the DNS settings to legitimate IP addresses and of course secure their router by changing the admin panel password.
Bitdefender telemetry shows that most of the victims are in Germany, France, and the United States (over 73 percent of the total), these countries are also among those most impacted by the pandemic.
“We estimate that the number of victims is likely to grow in the coming weeks, especially if attackers have set up other repositories, whether hosted on Bitbucket or other code repository hosting services, as the Coronavirus pandemic remains a “hot topic”. ”
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.