Arijit Bhattacharya

    New attack on home routers sends users to spoofed sites that push malware

    Amid the COVID-19 outbreak, hackers are wreaking havoc on the internet safety of users. Yes, you heard it right! If you were redirected to a malicious site that promised to give you more information about the virus and its human-to-human transmission, you might be in danger.
    The report
    A recent post published by Bitdefender, a security firm, reported these illegal cyber occurrences. The firm said that the hackers are targeting home and small office routers. Under the pretext of offering information resources about COVID-19, the hackers are tactfully installing malware on the user's system, which then helps them steal personal data, passwords and cryptocurrency credentials. As per their research, the attackers are hitting Linksys routers and probably D-Link too (as reported by Bleeping Computer). However, they are still not sure how the hackers are compromising the routers. On the basis of data collected by Bitdefender security products, researchers assume that the hackers are probably guessing the router passwords. Bitdefender also added that the hackers might be compromising routers by guessing the user credentials of Linksys cloud accounts.
    How does the attacker work?
    Such compromises permit the attackers to change the DNS servers used by all the connected devices. DNS is what translates domain names into IP addresses, which is how a computer finds the site and server it wants to reach. By controlling the DNS answers, the attackers redirect users to malicious sites to steal passwords and download malware. This relatively new malware is called Oski, which is capable of extracting your cryptocurrency wallet addresses, browser credentials, and all other sensitive information. Additionally, the spoofed sites close port 443, the port used for TLS-protected HTTPS, so the connection falls back to plain HTTP. This prevents the browser from displaying the warnings it would otherwise show (that a TLS certificate is untrusted or invalid).
    Some domains swept into the campaign are goo.gl, aws.amazon.com, tidd.ly, bit.ly, imageshack.us, ufl.edu, washington.edu, etc., and 109.234.35.230 is one of the two IP addresses serving the malicious DNS lookups. Till date, there have been more than 1,193 downloads from one Bitbucket account. Three other Bitbucket accounts are assumed to be in use. The download number is higher than the actual number of infected users, as many people might not have clicked through or run the downloaded installer.
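    The hijack described above leaves two traces a defender can check with data already at hand: the DNS server addresses the router handed out to clients, and the answers those resolvers returned for the abused domains. The script below is an added example, not code from the article or from Bitdefender. It takes the single rogue resolver address and the domain list from the article; the resolv.conf text, the DNS query log format and the "known-good" baseline addresses are constructed for the example (TEST-NET ranges), and any real deployment would substitute its own baseline and log format.

```python
"""Added example: offline checks for the router DNS-hijack pattern in the article.

Check 1: does the resolver configuration a client received point at a known rogue DNS server?
Check 2: do DNS answers for the domains the campaign abused deviate from a known-good baseline,
         and do several watched domains land on the same unexpected host (the spoofed landing page)?

Only 109.234.35.230 and the domain list come from the article; every other value is constructed.
"""
from __future__ import annotations

import ipaddress
import re
from dataclasses import dataclass

# Indicator from the article: one of the two rogue DNS servers used by the campaign.
ROGUE_DNS_SERVERS = {"109.234.35.230"}

# Domains the article says were swept into the campaign.
WATCHED_DOMAINS = {"goo.gl", "aws.amazon.com", "tidd.ly", "bit.ly",
                   "imageshack.us", "ufl.edu", "washington.edu"}


def resolvers_from_resolv_conf(text: str) -> list[str]:
    """Extract nameserver addresses from resolv.conf-style text (what DHCP clients commonly write)."""
    return [m.group(1) for line in text.splitlines()
            if (m := re.match(r"\s*nameserver\s+(\S+)", line))]


def rogue_resolvers(text: str, rogue_ips: set[str] = ROGUE_DNS_SERVERS) -> list[str]:
    """Check 1: configured resolvers that match the known rogue DNS server list."""
    return [ns for ns in resolvers_from_resolv_conf(text) if ns in rogue_ips]


@dataclass(frozen=True)
class Finding:
    qname: str
    answer: str
    reason: str


# Constructed log format: "<timestamp> query=<name> answer=<address>" (adapt to your resolver's logs).
LOG_RE = re.compile(r"^(?P<ts>\S+) query=(?P<qname>\S+) answer=(?P<answer>\S+)$")


def hijacked_answers(log_lines, baseline: dict[str, set[str]],
                     watched: set[str] = WATCHED_DOMAINS) -> list[Finding]:
    """Check 2: answers for watched domains that are not in the known-good baseline."""
    findings = []
    for line in log_lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # not a query line we understand
        qname = m["qname"].rstrip(".").lower()
        if qname not in watched:
            continue
        answer = m["answer"]
        try:
            ipaddress.ip_address(answer)
        except ValueError:
            continue  # CNAME or malformed answer; outside this check
        if answer not in baseline.get(qname, set()):
            findings.append(Finding(qname, answer, "answer not in known-good baseline"))
    return findings


def shared_unexpected_hosts(findings: list[Finding], min_domains: int = 2) -> dict[str, set[str]]:
    """Group findings by answer: many unrelated domains resolving to one host is the strong signal."""
    by_ip: dict[str, set[str]] = {}
    for f in findings:
        by_ip.setdefault(f.answer, set()).add(f.qname)
    return {ip: names for ip, names in by_ip.items() if len(names) >= min_domains}


# --- constructed sample inputs -------------------------------------------------------------
SAMPLE_RESOLV_CONF = """# constructed: resolv.conf after the router's DNS settings were changed
nameserver 109.234.35.230
nameserver 192.168.1.1
"""

# constructed baseline: TEST-NET-2 addresses stand in for the real services' addresses
SAMPLE_BASELINE = {
    "goo.gl": {"198.51.100.10"},
    "bit.ly": {"198.51.100.20", "198.51.100.21"},
    "washington.edu": {"198.51.100.30"},
}

# constructed query log: two watched domains point at one unexpected host (TEST-NET-3)
SAMPLE_LOG = [
    "2020-03-23T10:01:02Z query=goo.gl. answer=203.0.113.7",
    "2020-03-23T10:01:05Z query=washington.edu. answer=198.51.100.30",
    "2020-03-23T10:01:09Z query=bit.ly. answer=203.0.113.7",
    "2020-03-23T10:01:11Z query=example.org. answer=198.51.100.99",
    "this line is noise and is skipped",
]

if __name__ == "__main__":
    print("rogue resolvers:", rogue_resolvers(SAMPLE_RESOLV_CONF))
    found = hijacked_answers(SAMPLE_LOG, SAMPLE_BASELINE)
    for f in found:
        print(f"{f.qname} -> {f.answer}: {f.reason}")
    print("shared unexpected hosts:", shared_unexpected_hosts(found))
```

    The baseline comparison is deliberately conservative: a single deviation can be an ordinary CDN change, so the script only treats an address as suspicious in its own right when two or more unrelated watched domains resolve to it, which is exactly the shape of a campaign that points many domains at one spoofed page.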
    Which is the targeted location?
    All of this started around March 18th, and the attacks peaked on March 23rd. The most targeted locations were Germany, France and the US, which were at the time also among the worst-affected COVID-19 hit countries.
    How to safeguard your router?
    If you use a router in your home and this article is worrying you, you should go ahead and check the Bitdefender post for indicators of compromise. When you are satisfied that your router is not an affected one, you can still take steps to secure it. Following are some measures to secure your router:
    • Whenever possible, remote administration should be turned off.
    • Strong passwords should be used everywhere.
    • Router firmware should be updated from time to time.



    If you want to expand your business or looking for mentoring and investment support please be in touch.

    Arijit Bhattacharyya