Mon, Feb 27, 2017 | updated 05:22 AM IST

Switcher Trojan: Android joins 'attack-the-router' club

Updated: Dec 29, 2016 12:11 IST

New Delhi [India], Dec.29 (ANI): Kaspersky Lab experts have uncovered a remarkable evolution in Android OS malware: the Switcher Trojan. It treats unsuspecting Android device users as tools to infect Wi-Fi routers, changing the routers' DNS settings and redirecting traffic from devices connected to the network to websites controlled by the attackers, leaving users vulnerable to phishing, malware and adware attacks and more. The attackers claim to have successfully infiltrated 1,280 wireless networks so far, mainly in China.

Domain Name Servers (DNS) turn a readable web address such as 'x.com' into the numerical IP address required for communications between computers. The ability of the Switcher Trojan to hijack this process gives the attackers almost complete control over network activity which uses the name-resolving system, such as internet traffic. The approach works because wireless routers generally reconfigure the DNS settings of all devices on the network to their own - thereby forcing everyone to use the same rogue DNS.

The infection is spread by users downloading one of two versions of the Android Trojan from a website created by the attackers. The first version is disguised as an Android client of the Chinese search engine, Baidu, and the other is a well-made fake version of a popular Chinese app for sharing information about Wi-Fi networks: WiFi????.

When an infected device connects to a wireless network, the Trojan attacks the router and tries to brute-force its way to the web admin interface by guessing the password, relying on a long, predefined list of password and login combinations. If the attempt is successful, the Trojan exchanges the existing DNS server for a rogue one controlled by the cybercriminals, and also a secondary DNS, to ensure ongoing stability if the rogue DNS goes down.

The attackers have built a website to promote and distribute the Trojanized Wi-Fi app to users. The web server that hosts this site doubles as the malware authors' command-and-control (C&C) server. Internal infection statistics spotted on an open part of this website reveal the attackers' claims to have compromised 1,280 websites - potentially exposing all the devices connected to them to further attack and infection.

"The Switcher Trojan marks a dangerous new trend in attacks on connected devices and networks. It does not attack users directly. Instead, it turns them into unwilling accomplices: physically moving sources of infection. The Trojan targets the entire network, exposing all its users, whether individuals or businesses, to a wide range of attacks - from phishing to secondary infection. A successful attack can be hard to detect and even harder to shift: the new settings can survive a router reboot, and even if the rogue DNS is disabled, the secondary DNS server is on hand to carry on. Protecting devices is as important as ever, but in a connected world we cannot afford to overlook the vulnerability of routers and Wi-Fi networks," said Nikita Buchka, mobile security expert, Kaspersky Lab.

The company recommends that all users check their DNS settings and search for the following rogue DNS servers:

• 101.200.147.153

• 112.33.13.11

• 120.76.249.59

If you have one of these servers in your DNS settings, contact your ISP support or alert the owner of the Wi-Fi network. Kaspersky Lab also strongly advises users to change the default login and password to the admin web interface of your router to prevent such attacks in the future. (ANI)

New Delhi [India], Feb. 26 (ANI): Rocking Deals launched Trackstolen.in, a free medium to spread awareness about stolen or theft devices. A website to enable users to register his/her device to secure it from getting stolen, this eases the process of buying and selling second-hand phones.

Full Story >>

New Delhi [India], Feb. 25 (ANI): The wholly-owned subsidiary of Mahindra and Mahindra, Mahindra Agri Solutions (MASL) has announced an advisory platform for farmers in the form of a mobile app, 'MyAgriGuru'.

Full Story >>

New Delhi [India], Feb 24 (ANI): Almost half of all phishing attacks (fraudulent email messages or copycat websites that appear legitimate) registered in 2016 by Kaspersky Lab's heuristic detection technologies, were aimed at stealing their victim's money, according to an analysis of the financial threat landscape by Kaspersky Lab the company's experts.

Full Story >>

WhatsApp's new 'status' feature goes live

Updated: Feb 24, 2017 12:25 IST

New Delhi [India], Feb. 24 (ANI): WhatsApp's on Friday rolled out its new feature 'Status' live across Android, iOS and Windows software wherein the users can upload pictures and videos for their contacts to see, instead of regular text status message.

Full Story >>

New Delhi [India], Feb 24 (ANI): World's leading information technology (IT) association CompTIA has unveiled a groundbreaking, vendor-neutral certification, CompTIA Cyber security Analyst (CSA+), the first of its kind to bring behavioral analytics to the forefront of assessing cyber threats.

Full Story >>

New Delhi [India], Feb. 24 (ANI): Verizon and Ericsson enabled an operational shift of 5G network from technology trials to pre-commercial pilots in the field in multiple cities across United States of America.

Full Story >>

Amsterdam [Netherlands]/Tokyo [Japan], Feb.23 (ANI): ISE 2017, the largest audio-visual and systems integration show, was held recently in Netherlands.

Full Story >>

New Delhi [India], Feb. 23 (ANI): Google has always made sure to celebrate every special affair around the globe.

Full Story >>

Mumbai (Maharashtra) [India], Feb. 22 (ANI): Microsoft's Chief Executive Officer (CEO) Satya Nadella on Wednesday announced the launch of a new skilling tool called 'Project Sangam' for Indian citizens.

Full Story >>

New Delhi [India], Feb 22 (ANI): According to Kaspersky Lab "Spam and phishing in 2016"report, about 20 percent of all spam emails in Q4 2016distributed ransomware Trojans. The Kaspersky Lab spam report also identified the following trends in 2016

Full Story >>

HP launches OMEN gaming portfolio in India

Updated: Feb 22, 2017 15:32 IST

New Delhi [India], Feb. 22 (ANI): HP Inc. launched the debut of its gaming portfolio in India - OMEN by HP, featuring an array of products built for gamers combining the latest in PC innovation, delivering power and performance to dominate competition.

Full Story >>

New Delhi [India], Feb. 22 (ANI): Optical fibre broadband service provider Spectranet on Wednesday announced their next phase of expansion in South India by launching its operations in Bengaluru.

Full Story >>

New Delhi, [India], Feb. 22 (ANI): ADDA GateKeeper, a security management platform for apartment complexes, launched a range of security measures to tighten security in large apartment complexes across most Tier I cities.

Full Story >>

Who controls your car without you knowing?

Updated: Feb 21, 2017 16:43 IST

New Delhi [India], Feb.21 (ANI): Kaspersky Lab researchers have examined the security of applications for the remote control of cars from several famous car manufacturers. As a result, the company's experts have discovered that all of the applications contain a number of security issues that can potentially allow criminals to cause significant damage for connected car owners.

Full Story >>

New Delhi [India], Feb 21 (ANI): World leader in digital security Gemalto is presenting the newest release of its On Demand Connectivity and eSIM technology for Windows 10 devices, in connection with Microsoft.

Full Story >>

New Delhi [India], Feb. 21 (ANI): In lieu of its eighth birthday on February 24, 2017, WhatsApp messenger, the instant messaging platform introduced a new update which is set to revamp the status feature.

Full Story >>

New Delhi [India], Feb 20 (ANI): NEC Corporation has announced that it has completed joint verification trials with NTT DOCOMO, Inc. using Massive Multiple Input Multiple Output (MIMO), a core technology for 5G base stations.

Full Story >>

New Delhi [India], Feb 19 (ANI): SyncNScan is a young company, which was set up by ex-Microsoft leaders and they were pioneers in introducing anti-virus for mobile devices.

Full Story >>

New Delhi [India], Feb. 17 (ANI): Ericsson introduced a 5G platform for the needs of the first movers in 5G. Communications are rapidly moving toward data-heavy applications like Virtual Reality and Augmented Reality everywhere.

Full Story >>

New Delhi [India], Feb. 17 (ANI): Aeris Communications' 'AerCloud' is an IoT cloud platform for collecting, managing and analysing sensor data for Internet of Things (IoT) and machine-to-machine (M2M) applications.

Full Story >>