Hackers Hijack Routers To Spread Malicious COVID-19 Apps – Networks Expert Comments

It’s being reported that a new cyberattack is hijacking router’s DNS settings so that web browsers display alerts for a fake COVID-19 information app from the World Health Organization that is the Vidar information-stealing malware.

For the past five days, people have been reporting their web browser would open on its own and display a message prompting them to download a ‘COVID-19 Inform App’ that was allegedly from the World Health Organization (WHO). After further research, it was determined that these alerts were being caused by an attack that changed the DNS servers configured on their home D-Link or Linksys routers to use DNS servers operated by the attackers.

Subscribe
Notify of
guest
1 Expert Comment
Most Voted
Newest Oldest
Inline Feedbacks
View all comments
Laurence Pitt
Laurence Pitt , Global Security Strategy Director
InfoSec Expert
March 25, 2020 3:09 pm

This attack highlights the need for people to make sure they change the default username/password for their home router, as a number of the affected users admitted having a weak or default combination. Most internet providers today provide routers that have a decent strength default security setup. It appears that this attack has targeted a certain brand of router that would also indicate that users have left the default admin/password combination to access the device.

Last edited 2 years ago by Laurence Pitt
Information Security Buzz
1
0
Would love your thoughts, please comment.x
()
x