
Android Trojan reroutes you to Rogue DNS server


Kaspersky Lab has reported a new Android Trojan that goes by the name Switcher.

The Switcher Trojan infects Wi-Fi routers through an infected Android device, after which an attacker can reroute other users on the network to malicious sites. It does this through brute-force attacks against the router's admin interface, using a predetermined list of password/login combos. The router's DNS servers are then replaced with both an active and a backup server controlled by the attacker. This allows for a multitude of potential infections, since every DNS query is directed to a network controlled by the attacker.

Kaspersky Lab researchers explained that “the ability of the Switcher Trojan to hijack [DNS] gives the attackers almost complete control over network activity which uses the name-resolving system … the approach works because wireless routers generally reconfigure the DNS settings of all devices on the network to their own – thereby forcing everyone to use the same rogue DNS.” – www.techgenix.com

The attacks are primarily in China, and the proven track record predicts that they will certainly spread across locations. This is the first Android malware that has been used to attack routers in this manner.

At the moment it is advised that admins and users alike should be on the lookout for the following rogue DNS servers:

101.200.147.153

112.33.13.11

120.76.249.59 
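One way to check a client for these resolvers, as an added example that is not from Kaspersky Lab or the original post: it audits every configured DNS slot, since the attack sets both an active and a backup server. It assumes the client's resolver settings are available as Linux-style `resolv.conf` text; the function names and the sample configuration are constructed for illustration.

```python
import ipaddress
import re

# Rogue resolvers listed in this post (the only indicators used here).
ROGUE_DNS = {ipaddress.ip_address(a) for a in
             ("101.200.147.153", "112.33.13.11", "120.76.249.59")}

# Constructed sample: the primary entry was reset, the backup was left behind.
SAMPLE_PARTIAL_FIX = """\
# constructed sample, not a real capture
nameserver 192.168.1.1
nameserver 112.33.13.11
"""

def parse_nameservers(resolv_text):
    """Return resolver IPs from resolv.conf-style text, in file order."""
    servers = []
    for line in resolv_text.splitlines():
        line = re.split(r"[#;]", line, maxsplit=1)[0].strip()  # drop comments
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            try:
                # Strip any IPv6 zone suffix before parsing.
                servers.append(ipaddress.ip_address(parts[1].split("%")[0]))
            except ValueError:
                continue  # malformed entry: skip it rather than crash
    return servers

def audit_resolvers(resolv_text):
    """Classify every configured resolver slot, not just the first one."""
    return [{"slot": slot, "ip": str(ip), "rogue": ip in ROGUE_DNS}
            for slot, ip in enumerate(parse_nameservers(resolv_text), start=1)]

def is_compromised(resolv_text):
    """True if any slot, primary or backup, points at a listed rogue server."""
    return any(f["rogue"] for f in audit_resolvers(resolv_text))

if __name__ == "__main__":
    for finding in audit_resolvers(SAMPLE_PARTIAL_FIX):
        status = "ROGUE" if finding["rogue"] else "ok"
        print(f"slot {finding['slot']}: {finding['ip']} [{status}]")
```

A match on a client means the router's DNS settings should be reviewed and reset as well, because clients normally receive their resolvers from the router.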

“A successful attack can be hard to detect and even harder to shift: the new settings can survive a router reboot, and even if the rogue DNS is disabled, the secondary DNS server is on hand to carry on,” says Kaspersky Lab cybersecurity researcher Nikita Buchka. – www.zdnet.com

 


If you would like to educate yourself in more detail about the information presented in this blog post please visit: www.techgenix.com