HackRead
  • January 26th, 2021
New Malware Poses as Android Client to Infect Wi-Fi Networks and Hijack DNS

December 30th, 2016 Uzair Amir Security, Android, Malware 0 comments

Android users are a constant target for malicious threat actors. Kaspersky Lab researchers have now discovered a new Android Trojan, named Switcher because it first compromises the Wi-Fi router the infected device is connected to and then switches every user of that network over to attacker-controlled sites. The Trojan does not go after the device owner directly: it uses the infected phone as a foothold inside the network from which to attack the router, so the victim unwittingly helps the attackers reach everyone else on the same Wi-Fi.

According to Kaspersky Lab's analysis, two versions of the malware are currently circulating among Android devices, and together they have been used to hijack nearly 1,280 wireless networks. The firm's mobile security expert Nikita Buchka states that most of the infected networks are located in China. One version pretends to be a mobile client for Baidu, a popular Chinese search engine, while the other poses as a version of an app that locates and shares Wi-Fi login details.

When the victim installs either version, the app immediately performs its key task: infecting the router by brute force, that is, a password-guessing attack against the router's admin web interface. According to the research, the malware carries a list of more than two dozen username and password combinations and tries them in turn until one grants it access to the web admin interface; the list only works against routers that still run with default or easily guessed admin credentials.
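The credential-list attack described above is launched from a phone already on the LAN, so the router's own admin interface is the place it shows up. The following Python detector is an added example for this article, not code from HackRead or Kaspersky. It scans an access log of the admin interface for a burst of failed logins from a single client and then checks whether that same client was let in straight afterwards. It assumes the router (or a reverse proxy in front of it) writes Combined Log Format lines and answers bad logins with 401, uses a hypothetical login path `/admin/login`, and runs on constructed log lines.

```python
"""Spot a credential-list brute force against a router's admin web interface.

Added example for this article; it is not code from HackRead or Kaspersky.
Assumptions: the admin interface (or a reverse proxy in front of it) logs
requests in Combined Log Format and answers bad logins with 401/403; the
login path /admin/login is hypothetical. Many consumer routers log far less.
Switcher-style malware tries a couple of dozen username/password pairs from
one LAN client within seconds, so we look for a burst of failed requests to
the login path from one source inside a short window, then check whether
that source got a 2xx/3xx on the login path right after the burst.
"""
from collections import defaultdict
from datetime import datetime, timedelta, timezone
import re

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"
ADMIN_LOGIN_PATH = "/admin/login"   # hypothetical; adjust to the real device


def parse_line(line):
    """Return the fields we need from one access-log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {
        "ip": m["ip"],
        "ts": datetime.strptime(m["ts"], TS_FMT),
        "path": m["path"],
        "status": int(m["status"]),
    }


def find_bruteforce(lines, login_path=ADMIN_LOGIN_PATH, threshold=10,
                    window=timedelta(seconds=60)):
    """Map source IP -> finding for every client that produced at least
    `threshold` failed login requests inside any span of length `window`."""
    failed = defaultdict(list)
    success = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["path"] != login_path:
            continue
        if rec["status"] in (401, 403):
            failed[rec["ip"]].append(rec["ts"])
        elif 200 <= rec["status"] < 400:       # 2xx/3xx on the login path: a guess worked
            success[rec["ip"]].append(rec["ts"])

    findings = {}
    for ip, times in failed.items():
        times.sort()
        start, peak = 0, 0
        for end in range(len(times)):          # sliding window over sorted timestamps
            while times[end] - times[start] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            last_fail = times[-1]
            findings[ip] = {
                "failed": len(times),
                "peak_in_window": peak,
                "login_after_burst": any(t >= last_fail for t in success.get(ip, [])),
            }
    return findings


def sample_log():
    """Constructed log lines, not real data: one LAN client (192.168.0.101)
    tries 24 credential pairs in 24 seconds and is then let in (302)."""
    base = datetime(2016, 12, 28, 10, 0, 0, tzinfo=timezone.utc)
    fmt = '{ip} - - [{ts}] "POST {path} HTTP/1.1" {status} 0'

    def line(ip, offset, path, status):
        ts = (base + timedelta(seconds=offset)).strftime(TS_FMT)
        return fmt.format(ip=ip, ts=ts, path=path, status=status)

    lines = [line("192.168.0.50", -300, "/admin/status", 200)]
    lines += [line("192.168.0.101", i, ADMIN_LOGIN_PATH, 401) for i in range(24)]
    lines.append(line("192.168.0.101", 25, ADMIN_LOGIN_PATH, 302))
    lines.append(line("192.168.0.50", 40, ADMIN_LOGIN_PATH, 401))   # one typo, benign
    return lines


if __name__ == "__main__":
    for ip, info in find_bruteforce(sample_log()).items():
        print(ip, info)
```

The threshold and window are deliberately loose: a human fumbling a password produces a handful of failures over minutes, while a scripted list of two dozen pairs lands in seconds. The `login_after_burst` flag is the one to act on, since it means the guessed credentials were accepted and the router's DNS settings should be checked immediately.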

Once it is in, the Switcher Trojan swaps the DNS server addresses configured on the router for a rogue server controlled by the attackers. The IP addresses used by the malware are 101.200.147.153, 112.33.13.11 and 120.76.249.59. The malware also sets a secondary DNS server, which takes over for the attackers when the primary rogue server stops responding or is detected and blocked.

From then on, every DNS query from a device on the infected network is answered by the attackers' server, so the attackers decide where each hostname leads. This exposes victims to all sorts of attacks, including phishing, malware delivery, traffic redirection and adware.
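Because the rogue settings live on the router and reach every client through DHCP, a client cannot tell from its own configuration alone whether it has been hijacked; it has to compare answers. The following Python script is an added example for this article, not code from HackRead or Kaspersky. It resolves a name through the DHCP-assigned resolver and through a resolver you reach directly and trust, flags any address that only the assigned resolver returned, and also checks the assigned resolver against the three rogue addresses listed above. The DNS packet handling is written by hand (no dnspython), and the offline sample in `sample_check()` uses constructed responses with placeholder addresses.

```python
"""Cross-check the router-assigned resolver against a resolver you trust.

Added example for this article; not code from HackRead or Kaspersky.
A Switcher-style hijack leaves every LAN client using the attackers' DNS
server, so the simplest field check is to resolve the same name through the
resolver DHCP handed you and through one you trust, then compare answers.
The sample responses in sample_check() are constructed, not captured.
"""
import ipaddress
import socket
import struct
import sys

# Rogue resolver addresses reported for Switcher (taken from the article).
SWITCHER_DNS_IOCS = {"101.200.147.153", "112.33.13.11", "120.76.249.59"}


def is_known_rogue_resolver(ip):
    return ip in SWITCHER_DNS_IOCS


def build_query(name, txid=0x1234):
    """Standard recursive A query for `name` in RFC 1035 wire format."""
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(l)]) + l.encode("ascii")
                     for l in name.rstrip(".").split(".")) + b"\x00"
    return header + qname + struct.pack(">HH", 1, 1)   # QTYPE=A, QCLASS=IN


def read_name(msg, off):
    """Decode a possibly compressed name at `off`; return (name, offset after it)."""
    labels, end, jumped = [], None, False
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:                      # compression pointer
            ptr = struct.unpack(">H", msg[off:off + 2])[0] & 0x3FFF
            if not jumped:
                end = off + 2
            jumped, off = True, ptr
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels), (end if end is not None else off)


def parse_a_records(msg):
    """Return [(name, ipv4, ttl)] for the A records in a DNS response."""
    _, _, qdcount, ancount, _, _ = struct.unpack(">HHHHHH", msg[:12])
    off = 12
    for _ in range(qdcount):                           # skip the question section
        _, off = read_name(msg, off)
        off += 4
    records = []
    for _ in range(ancount):
        name, off = read_name(msg, off)
        rtype, rclass, ttl, rdlen = struct.unpack(">HHIH", msg[off:off + 10])
        off += 10
        rdata = msg[off:off + rdlen]
        off += rdlen
        if rtype == 1 and rclass == 1 and rdlen == 4:
            records.append((name, str(ipaddress.IPv4Address(rdata)), ttl))
    return records


def query_a(name, resolver, timeout=3.0):
    """Send the query over UDP to `resolver` and parse the A records it returns."""
    q = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(q, (resolver, 53))
        data, _ = s.recvfrom(4096)
    if data[:2] != q[:2]:
        raise ValueError("transaction id mismatch from %s" % resolver)
    return parse_a_records(data)


def hijack_verdict(trusted, assigned):
    """Flag every address the assigned resolver returned that the trusted one did not."""
    trusted_ips = {ip for _, ip, _ in trusted}
    assigned_ips = {ip for _, ip, _ in assigned}
    unexpected = sorted(assigned_ips - trusted_ips)
    return {"consistent": bool(assigned_ips) and not unexpected, "unexpected": unexpected}


def build_response(query, addrs, ttl=300):
    """Minimal response to `query`; used only to build the offline sample."""
    txid = struct.unpack(">H", query[:2])[0]
    header = struct.pack(">HHHHHH", txid, 0x8180, 1, len(addrs), 0, 0)
    answers = b"".join(b"\xc0\x0c" + struct.pack(">HHIH", 1, 1, ttl, 4)
                       + ipaddress.IPv4Address(a).packed for a in addrs)
    return header + query[12:] + answers


def sample_check():
    """Constructed scenario: the trusted resolver says example.com is 93.184.216.34,
    the DHCP-assigned resolver steers it to 198.51.100.7 (a placeholder address)."""
    q = build_query("example.com")
    trusted = parse_a_records(build_response(q, ["93.184.216.34"]))
    assigned = parse_a_records(build_response(q, ["198.51.100.7"]))
    return hijack_verdict(trusted, assigned)


if __name__ == "__main__":
    if len(sys.argv) == 4:   # usage: dnscheck.py <name> <assigned-resolver> <trusted-resolver>
        name, assigned, trusted = sys.argv[1:4]
        if is_known_rogue_resolver(assigned):
            print("assigned resolver %s is a known Switcher IOC" % assigned)
        print(hijack_verdict(query_a(name, trusted), query_a(name, assigned)))
    else:
        print(sample_check())
```

Two caveats when running this for real. CDN-hosted names legitimately return different addresses to different resolvers, so test with names whose records are stable, or treat a mismatch as a prompt to inspect the router rather than as proof. And a rogue resolver need only lie about the handful of domains it wants to phish, so check the names you actually care about (your bank, your mail provider), not just a generic test domain.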

Kaspersky Lab researchers noted:

“The ability of the Switcher Trojan to hijack [DNS] gives the attackers almost complete control over network activity which uses the name resolving system, such as internet traffic. The approach works because wireless routers generally reconfigure the DNS settings of all devices on the network to their own – thereby forcing everyone to use the same rogue DNS.”

Buchka explained that the malware's developers left parts of their command-and-control website unfinished, including a publicly viewable table containing full infection statistics. A review of that table showed that the attackers had infected 1,280 Wi-Fi networks within a few weeks.

Researchers note that Switcher's operating mechanism closely resembles that of the DNSChanger malware, which is now being delivered as an exploit kit. Another security firm, Proofpoint, recently observed a campaign that targeted wireless routers and modified their DNS entries to steal traffic. That campaign went after routers made by D-Link, Pirelli, Comtrend and Netgear, whereas Buchka's analysis shows that Switcher only works against the web interface of TP-LINK Wi-Fi routers.

Buchka wrote that the malware “targets the entire network, exposing all its users, whether individuals or businesses, to a wide range of attacks – from phishing to secondary infection. A successful attack can be hard to detect and even harder to shift: the new settings can survive a router reboot, and even if the rogue DNS is disabled, the secondary DNS server is on hand to carry on.”

Image via Coresol/Flickr: https://www.flickr.com/photos/129666153@N08/15618334483/

  • Tags
  • Android
  • DNS
  • internet
  • Malware
  • Router
  • security
Uzair Amir

I am an Electronic Engineer, an Android Game Developer and a Tech writer. I am into music, snooker and my life motto is 'Do my best, so that I can't blame myself for anything.'

HACKREAD is a News Platform that centers on InfoSec, Cyber Crime, Privacy, Surveillance and Hacking News with full-scale reviews on Social Media Platforms & Technology trends. Founded in 2011, HackRead is based in the United Kingdom.
