A new malware strain has been recently identified by Kaspersky Lab researchers as a Trojan that spreads itself via downloads in Android devices. Dubbed Switcher, the said Trojan uses Android devices to infect routers that the infected device is connected to.
The Switcher Trojan conducts breaches against routers by employing aggressive password guessing attacks that target the admin web interface of the router being attacked. Upon success, the Trojan messes with the router’s DNS servers in a way that causes all traffic through them to redirect to the servers of the perpetrators, exposing users to malware attacks, phishing sites and other malicious activities.
As of January 2016, the malware strain has already infected more than 1,280 Wi-Fi networks, according to the Trojan’s publicly viewable infection statistics. The public is encouraged to change the default login credentials of their routers.
Similar malware strains
The Switcher Trojan is not the first of its kind. Other strains that target routers have been discovered in recent years, including:
DNSChanger
After years of relative absence since it was first discovered in 2007, the infamous DNSChanger has been rediscovered around December in 2016 as an exploit kit on more than 160 router models. Responsible for attacking Internet users by changing their DNS settings to force them to visit malicious sites, DNSChanger now also targets routers that are unpatched or are still using default security information. DNSChanger is being distributed via malvertising campaigns, and is currently known to affect routers from a number of well-known brands, including D-Link and Comtrend.
Mirai
The Mirai botnet has become more than just a threat to Internet-of-Things (IoT) devices. Flashpoint recently discovered a new Mirai variant that targets routers, with the intent of increasing the number of devices under the control of the notorious botnet. Flashpoint said that this variant uses the same infrastructure as the Mirai, suggesting that the variant is being controlled by the same group.
Remaiten
In March 2016, researchers at ESET discovered a bot targeting routers and embedded IoT devices. Named Remaiten, the bot is similar to Mirai in that its primary goal is to increase the number of devices under its control. Remaiten combines the capabilities of Trojans Tsunami (remote access to infected devices) and Gafgyt (back door access for stealing information), making it highly dangerous. It can even scan and remove competing bots once it infects a device.
These malware strains continue to rack up victims, with permanent solutions not expected in the coming months. As always, prevention is better than cure, and keeping your routers and other devices protected from malware infections is a must if you want to remain in full control of them.
One way to improve your chances of staying secure online is by downloading a VPN for malware security such as Hotspot Shield. Hotspot Shield helps prevent malware strains from infecting your device by notifying you if the website that you’re trying to visit is infected. It then blocks that website, preventing malware attacks on your devices.
Download Hotspot Shield VPN for malware security today
Hotspot Shield VPN for malware security
Hotspot Shield is a free download VPN that lets you browse online without having to worry about malware attacks. It uses a database of more than 3.5 million websites and links that are known to be infected, which is regularly updated to provide the best protection for your device. This is just one of the features of Hotspot Shield. You can learn more about these features by visiting this page.
Prevent the spread of malware to routers and keep your device secure by downloading Hotspot Shield VPN for malware security today! Visit the Hotspot Shield VPN website for more information about its benefits. For more blogs posts on cybersecurity, content access and online anonymity, visit our blog.
The post A new malvertising campaign targeting routers appeared first on .