A new cyber-attack is hijacking router’s DNS settings so that web browsers display alerts for a fake COVID-19 information app from the World Health Organisation. For the past five days, people have been reporting their web browser would open on its own and display a message prompting them to download a ‘COVID-19 Inform App’ that was allegedly from the World Health Organisation (WHO).
Researchers determined that these alerts were being caused by an attack that changed the DNS servers configured on their home D-Link or Linksys routers to use DNS servers operated by the attackers.
The malicious download will install the Vidar information-stealing Trojan on victim’s computer. When launched, this malware will attempt to steal information from the victim’s computer, including browser cookies and history, browser payment information, saved login credentials and cryptocurrency wallets, Authy 2FA authenticator databases, a screenshot of the desktop at the time of infection, and more.
At this time, it is not known how the attackers are gaining access to the routers to change their DNS configuration, but some users state that they had remote access to the router enabled with a weak admin password.
Details of the hijack method are contained in the report, as well as advice on how to reconfigure affected routers.
With thanks to the Cyber Defence Alliance and Bleeping Computer. The full story is here: https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
Request A Demo: Security Awareness Training
New-school Security Awareness Training is critical to enabling you and your IT staff to connect with users and help them make the right security decisions all of the time. This isn’t a one and done deal, continuous training and simulated phishing are both needed to mobilise users as your last line of defence. Request your one-on-one demo of KnowBe4’s security awareness training and simulated phishing platform and see how easy it can be!
PS: Don’t like to click on redirected buttons? Cut & Paste this link in your browser: https://info.knowbe4.com/one-on-one-demo-partners?partnerid=001a000001lWEoJAAW