Hackers Hijack Routers’ DNS to Spread Malicious COVID-19 Apps

dave14305 · Mar 24, 2020

Another reason not to enable WAN access to your router’s management interface...

https://www.bleepingcomputer.com/ne...outers-dns-to-spread-malicious-covid-19-apps/

RMerlin · Mar 24, 2020

For victims of this attack, when Windows performs this NCSI active probe, instead of being connected to the legitimate 13.107.4.52 Microsoft IP address, the malicious DNS servers send you to a web site located at 176.113.81.159.

Can someone tell me why DNSSEC isn't more commonly implemented yet, especially on such critical domain names?

thiggins · Mar 26, 2020

Ars article about Linksys routers compromised if WAN admin is enabled.
https://arstechnica.com/information...nds-users-to-spoofed-sites-that-push-malware/

The Bitdefender blog post that originated both warnings.
https://labs.bitdefender.com/2020/0...-attacks-abuse-bitbucket-to-host-infostealer/

Thread starter	Title	Forum	Replies	Date
	Some good news too. Hackers get hacked/taken down.	General Network Security	1	Oct 20, 2023
	Hackers Stole Access Tokens from Okta’s Support Unit	General Network Security	17	Oct 20, 2023
T	6000 Asus routers in 72 hours!!!	General Network Security	2	Mar 26, 2024
C	AVrecon malware infects 70,000 Linux routers to build botnet	General Network Security	5	Jul 14, 2023
	New Threats to Asus Routers, few details.	General Network Security	49	May 25, 2023

Search

Search

Hackers Hijack Routers’ DNS to Spread Malicious COVID-19 Apps

dave14305

Part of the Furniture

RMerlin

Asuswrt-Merlin dev

thiggins

Mr. Easy

Similar threads

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Members online