Hackers Hijack Routers' DNS To Spread Malicious COVID-19 Apps


An anonymous reader quotes a report from Bleeping Computer: A new cyber attack is hijacking router's DNS settings so that web browsers display alerts for a fake COVID-19 information app from the World Health Organization that is the Oski information-stealing malware. For the past five days, people have been reporting their web browser would open on its own and display a message prompting them to download a 'COVID-19 Inform App' that was allegedly from the World Health Organization (WHO). After further research, it was determined that these alerts were being caused by an attack that changed the DNS servers configured on their home D-Link or Linksys routers to use DNS servers operated by the attackers. As most computers use the IP address and DNS information provided by their router, the malicious DNS servers were redirecting victims to malicious content under the attacker's control. "If your browser is randomly opening to a page promoting a COVID-19 information app, then you need to login to your router and make sure you configure it to automatically receive its DNS servers from your ISP," the report says. It also recommends you set a strong password for your router and to disable remote administration. "Finally, if you downloaded and installed the COVID-19 app, you should immediately perform a scan on your computer for malware. Once clean, you should change all of the passwords for sites whose credentials are saved in your browser and you should change the passwords for any site that you visited since being infected."

Hackers Hijack Routers  DNS To Spread Malicious COVID-19 Apps

Read more of this story at Slashdot.


Tags: Tech, World Health Organization, World Health Organization WHO, Oski

Source:  http://rss.slashdot.org/~r/Slashdot/slashdot/~3/oAPqvUyce_g/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps