Kaspersky Lab experts have uncovered a remarkable evolution in Android OS malware: the Switcher Trojan. It treats unsuspecting Android device users as tools to infect Wi-Fi routers, changing the routers’ DNS settings and redirecting traffic from devices connected to the network to websites controlled by the attackers, leaving users vulnerable to phishing, malware and adware attacks and more. The attackers claim to have successfully infiltrated 1,280 wireless networks so far, mainly in China.
Domain Name Servers (DNS) turn a readable web address such as ‘x.com’ into the numerical IP address required for communications between computers. The ability of the Switcher Trojan to hijack this process gives the attackers almost complete control over network activity which uses the name-resolving system, such as internet traffic. The approach works because wireless routers generally reconfigure the DNS settings of all devices on the network to their own – thereby forcing everyone to use the same rogue DNS.
The infection is spread by users downloading one of two versions of the Android Trojan from a website created by the attackers.
When an infected device connects to a wireless network, the Trojan attacks the router and tries to brute-force its way to the web admin interface by guessing the password, relying on a long, predefined list of password and login combinations. If the attempt is successful, the Trojan exchanges the existing DNS server for a rogue one controlled by the cybercriminals, and also a secondary DNS, to ensure ongoing stability if the rogue DNS goes down.
To illustrate, what normally happens is this:
Following a successful Switcher attack, this is what happens:
The attackers have built a website to promote and distribute the Trojanized Wi-Fi app to users. The web server that hosts this site doubles as the malware authors’ command-and-control (C&C) server. Internal infection statistics spotted on an open part of this website reveal the attackers’ claims to have compromised 1,280 websites – potentially exposing all the devices connected to them to further attack and infection.
“The Switcher Trojan marks a dangerous new trend in attacks on connected devices and networks. It does not attack users directly. Instead, it turns them into unwilling accomplices: physically moving sources of infection. The Trojan targets the entire network, exposing all its users, whether individuals or businesses, to a wide range of attacks – from phishing to secondary infection. A successful attack can be hard to detect and even harder to shift: the new settings can survive a router reboot, and even if the rogue DNS is disabled, the secondary DNS server is on hand to carry on. Protecting devices is as important as ever, but in a connected world we cannot afford to overlook the vulnerability of routers and Wi-Fi networks,” said Nikita Buchka, mobile security expert, Kaspersky Lab.
The company recommends that all users check their DNS settings and search for the following rogue DNS servers:
If you have one of these servers in your DNS settings, contact your ISP support or alert the owner of the Wi-Fi network. Kaspersky Lab also strongly advises users to change the default login and password to the admin web interface of your router to prevent such attacks in the future.
View Previous Issue
VIVOTEK presents Dome Camera for high security environments
Security Spending in Banks three times more than non-financial companies: Kaspersky Lab
Cohesive cybersecurity measures are needed for hybrid cloud environments: Fortinet
DIGISOL L2 Managed Gigabit Ethernet PoE Switch
ANIL SETHI OF DELL EMC GIVING AWAY SUPER50 AWARD TO TEAM COMUTERS
SANIB MOHAPATRA, PUBLISHER, SME CHANNELS GIVING AWAY SUPER50 AWARD TO RX INFOTECH PVT LTD
ANIL SETHI OF DELL EMC GIVING AWAY SUPER50 AWARD TO ARROW PC NETWORK PVT LTD
ANIL SETHI OF DELL EMC GIVING AWAY SUPER50 AWARD TO ARYAN COMPUTERS & PERIPHERALS
ANIL SETHI OF DELL EMC GIVING AWAY SUPER50 AWARD TO ASPIRE NXT PVT LTD
ANIL SETHI OF DELL EMC GIVING AWAY SUPER50 AWARD TO BRUCKE NETWORKS
CHAMPAK GURJAR, PRESIDENT, FAAITA IS GIVING AWAY THE AWARD OF ENTERPRISE APPLICATION VENDOR OF THE YEAR TO SAP INDIA PVT. LTD
CHAMPAK GURJAR, PRESIDENT, FAAITA IS GIVING AWAY THE AWARD OF ENDPOINT SECURITY VENDOR OF THE YEAR TO SOPHOS
SHRI NAVEEN GOSAI, ASSISTANT COMMISSIONER, VAT IS GIVING AWAY THE AWARD OF BEST BACKUP VENDOR OF THE YEAR TO VEEAM SOFTWARE
CHAMPAK GURJAR, PRESIDENT, FAAITA IS GIVING AWAY THE AWARD OF NETWORK SECURITY VENDOR OF THE YEAR TO FORTINET TECHNOLOGIES INDIA PVT, LTD
ALOK GUPTA, PRESIDENT, PCAIT IS GIVING AWAY THE AWARD OF SURVEILLANCE VENDOR OF THE YEAR TO TYCO SECURITY INDIA PVT. LTD.
ALOK GUPTA, PRESIDENT, PCAIT IS GIVING AWAY THE AWARD OF NON-X86 SERVER VENDOR OF THE YEAR TO IBM INDIA PVT. LTD.
SAKET KAPUR, CONVENER, FAIITA IS GIVING AWAY THE AWARD OF PC BRAND IN MAKE IN INDIA TO ICTS
SANJIB MOHAPATRA, PUBLISHER, SME CHANNELS IS GIVING AWAY THE AWARD OF PC VENDOR OF THE YEAR TO HP INC
SANJAY MOHAPATRA, EDITOR, SME CHANNELS IS GIVING AWAY THE AWARD OF MOBILITY VENDOR OF THE YEAR TO VMWARE SOFTWARE INDIA PVT. LTD.
SANJIB MOHAPATRA, PUBLISHER, SME CHANNELS IS GIVING AWAY THE AWARD OF A4 PRINTER VENDOR OF THE YEAR TO CANON INDIA
Unmatched Quality, after sales support differentiate Matrix
We have as high as 50% of the Wallet Share of the Addressable Market
Dell EMC to Create Separate Partner Programme by February 2017
IoT is not about things alone
We want to create a last mile for all ICT businesses in India
Syamala Lanka, Global Delivery head at Wells Fargo India Solutions
K V Sudha, Executive Director, Development Engineering, Dell
Kiranmai Dutt Pendyala, Corporate VP, Human Resources, AMD Greater Asia
Suchita Vishnoi, Director – Marketing (India & SAARC), Trend Micro
Daisy Chittilapilly- Director, Partner Organization, Cisco India and SAARC
Arati Naik, COO, Smartlink Network Systems Ltd
Matrix Setu Vg –Multi-Sim Voip To Gsm/3g Gateway
RDP TD-500 Zero Client
2015 Powered By SME Channels