
Hackers Hijack Routers' DNS To Spread Malicious COVID-19 Apps (bleepingcomputer.com) 13

An anonymous reader quotes a report from Bleeping Computer: A new cyber attack is hijacking routers' DNS settings so that web browsers display alerts for a fake COVID-19 information app from the World Health Organization that is the Oski information-stealing malware. For the past five days, people have been reporting their web browser would open on its own and display a message prompting them to download a 'COVID-19 Inform App' that was allegedly from the World Health Organization (WHO). After further research, it was determined that these alerts were being caused by an attack that changed the DNS servers configured on their home D-Link or Linksys routers to use DNS servers operated by the attackers. As most computers use the IP address and DNS information provided by their router, the malicious DNS servers were redirecting victims to malicious content under the attacker's control. "If your browser is randomly opening to a page promoting a COVID-19 information app, then you need to log in to your router and make sure you configure it to automatically receive its DNS servers from your ISP," the report says. It also recommends that you set a strong password for your router and disable remote administration.

"Finally, if you downloaded and installed the COVID-19 app, you should immediately perform a scan on your computer for malware. Once clean, you should change all of the passwords for sites whose credentials are saved in your browser and you should change the passwords for any site that you visited since being infected."

  • Fuck people (Score:5, Insightful)

    by AndyKron ( 937105 ) on Wednesday March 25, 2020 @09:57AM (#59869814)
    Jesus Fucking Christ.
  • Hijack Windows NCSI active probes:

    When a computer connects to a network, Microsoft utilizes a feature called 'Network Connectivity Status Indicator (NCSI)' that is used to periodically run probes that check whether a computer is actively connected to the Internet.

    In Windows 10, one of these active probes will be to connect to the http://www.msftconnecttest.com... [msftconnecttest.com] site and check if the returned content contains the string 'Microsoft Connect Test'.
  • This happened to me. I have a Velop system from Linksys; the default admin code is printed on the router and is around 10 alphanumeric characters long. The only way to change settings is through their app. I spent most of Monday troubleshooting crappy internet and now I know why. I fixed it with a hard reset back to factory settings and was mad but forgot about it until today. I'll be switching to more robust hardware ASAP.
  • This is the popup users see: "Install this app, to have the latest information and instructions about coronavirus (COVID-19).".

    Such things always employ bad grammar and/or spelling. In this case it's the extraneous comma. The dumber users cannot spot this, and it's part of the reason they fall for things like this or QAnon, for instance.

    Most of these router exploits are based on existing remote access vulnerabilities or default passwords anyway.
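
The content check that the NCSI comment above describes, written as a defender-side test of a saved probe response. This is an added example, not part of the story or of any comment; the function names are hypothetical and the three sample responses are constructed, not captured traffic.

```python
from urllib.parse import urlsplit

PROBE_HOST = "www.msftconnecttest.com"   # host named in the NCSI comment
PROBE_MARKER = "Microsoft Connect Test"  # string the comment says Windows looks for


def parse_http_response(raw: bytes):
    """Split a raw HTTP/1.x response into (status, headers, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    parts = lines[0].split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdigit():
        raise ValueError("not an HTTP response")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return int(parts[1]), headers, body


def check_probe(raw: bytes):
    """Return a list of findings; an empty list means the answer looks as expected."""
    try:
        status, headers, body = parse_http_response(raw)
    except ValueError as exc:
        return [str(exc)]
    findings = []
    if 300 <= status < 400:
        loc = headers.get("location", "")
        # A path-only Location stays on the probe host; anything else names its own host.
        fallback = PROBE_HOST if loc.startswith("/") else "unknown host"
        target = urlsplit(loc).hostname or fallback
        if target != PROBE_HOST:
            findings.append(f"redirect to {target}")
    elif status != 200:
        findings.append(f"unexpected status {status}")
    elif PROBE_MARKER not in body.decode("utf-8", "replace"):
        findings.append("marker string missing from body")
    return findings


# Constructed sample responses (illustrative only).
GOOD = b"HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\n\r\nMicrosoft Connect Test"
REDIRECT = b"HTTP/1.1 302 Found\r\nLocation: http://portal.example/app\r\n\r\n"
REPLACED = b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html>Install this app</html>"

if __name__ == "__main__":
    for name, raw in (("good", GOOD), ("redirect", REDIRECT), ("replaced", REPLACED)):
        print(name, check_probe(raw) or "ok")
```

A redirect finding is not proof of hijacking on its own, since captive portals on hotel or guest networks also redirect this probe; on a home network it is a reason to check the DNS servers configured on the router.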
