Linksys and D-Link routers targeted by new malware – here’s how to stay safe

Hackers are targeting several popular router brands in an attempt to hijack devices and gain access to home networks.

Research from Bitdefender found that criminals are hacking into devices and changing DNS settings to show browser alerts telling users to download fake coronavirus information apps.

D-Link and Linksys routers are the most affected, with hackers using a brute-force attack to access the router’s admin panel. Once there, the hackers change the DNS settings to direct web traffic towards their servers.

Router hijack

Once a router is hijacked using specific IP addresses, it shares users’ browsing details with the hackers’ servers.

The hackers also use a preset list of websites. When users access one of them, they are automatically redirected to another site that tricks them into downloading the fake Covid-19 app, allegedly from the World Health Organisation (WHO).

The domains which were used to redirect users to the fake website are:

  • aws.amazon.com
  • goo.gl
  • bit.ly
  • washington.edu
  • imageshack.us
  • ufl.edu
  • disney.com
  • cox.net
  • xhamster.com
  • pubads.g.doubleclick.net
  • tidd.ly
  • redditblog.com
  • fiddler2.com
  • winimage.com

According to the researchers, the fake application installs a version of the Oski data stealer trojan. This recently discovered malware was found to be commonly sold on Russian dark web forums, and is mostly used to steal credentials, browser cookies, payment information, 2FA authenticator databases, saved login credentials, and information about cryptocurrency wallets.

Once the hackers get access to the information collected through the router, it can be used for various purposes, such as hijacking users’ crypto wallets to steal their cryptocurrencies, committing identity theft or carrying out other phishing attacks.

Some users have reported that their settings may have been compromised because of weak passwords or because they might have left remote access enabled.

Bitdefender is advising users with a D-Link or a Linksys router to ensure they are using a strong password and that the router settings are correct as advised by their ISP.
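
A client-side check for the DNS redirection described above, added here as an example and not taken from Bitdefender or the original article: it resolves the listed domains through the system resolver and flags any address that answers for several unrelated sites. The function names, the three-site threshold and the sample answers (documentation address ranges) are assumptions.

```python
import socket
from collections import defaultdict

# Domains the article lists as being redirected.
WATCHLIST = [
    "aws.amazon.com", "goo.gl", "bit.ly", "washington.edu", "imageshack.us",
    "ufl.edu", "disney.com", "cox.net", "xhamster.com",
    "pubads.g.doubleclick.net", "tidd.ly", "redditblog.com", "fiddler2.com",
    "winimage.com",
]

# Constructed sample answers (RFC 5737 documentation addresses), not real data.
CLEAN = {"aws.amazon.com": {"198.51.100.10"}, "disney.com": {"198.51.100.20"},
         "goo.gl": {"198.51.100.40"}, "pubads.g.doubleclick.net": {"198.51.100.40"}}
HIJACKED = {"aws.amazon.com": {"203.0.113.5"}, "disney.com": {"203.0.113.5"},
            "ufl.edu": {"203.0.113.5"}, "cox.net": {"198.51.100.50"}}

def system_lookup(domain):
    """IPv4 addresses for a domain from the resolver the router handed out."""
    infos = socket.getaddrinfo(domain, 80, socket.AF_INET, socket.SOCK_STREAM)
    return {info[4][0] for info in infos}

def resolve_all(domains, lookup=system_lookup):
    """Map each domain to its address set; a failed lookup gives an empty set."""
    answers = {}
    for domain in domains:
        try:
            answers[domain] = set(lookup(domain))
        except OSError:  # socket.gaierror is a subclass of OSError
            answers[domain] = set()
    return answers

def site_key(domain):
    """Crude grouping by the last two labels (assumption: no public-suffix list)."""
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def shared_addresses(answers, min_sites=3):
    """Addresses returned for at least min_sites unrelated sites."""
    by_ip = defaultdict(set)
    for domain, ips in answers.items():
        for ip in ips:
            by_ip[ip].add(site_key(domain))
    return {ip: sorted(s) for ip, s in by_ip.items() if len(s) >= min_sites}

if __name__ == "__main__":
    hits = shared_addresses(resolve_all(WATCHLIST))
    for ip, sites in hits.items():
        print(f"suspicious: {ip} answers for {', '.join(sites)}")
    print("DNS looks hijacked" if hits else "no shared addresses found")
```

A captive portal or a filtering DNS service also returns one address for many sites, so a hit means the router’s DNS settings need checking, not that compromise is proven.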