Hackers Hijack Routers’ DNS to Spread Malicious COVID-19 Apps

dave14305 · Mar 24, 2020

Another reason not to enable WAN access to your router’s management interface...

https://www.bleepingcomputer.com/ne...outers-dns-to-spread-malicious-covid-19-apps/

RMerlin · Mar 24, 2020

For victims of this attack, when Windows performs this NCSI active probe, instead of being connected to the legitimate 13.107.4.52 Microsoft IP address, the malicious DNS servers send you to a web site located at 176.113.81.159.

Can someone tell me why DNSSEC isn't more commonly implemented yet, especially on such critical domain names?

thiggins · Mar 26, 2020

Ars article about Linksys routers compromised if WAN admin is enabled.
https://arstechnica.com/information...nds-users-to-spoofed-sites-that-push-malware/

The Bitdefender blog post that originated both warnings.
https://labs.bitdefender.com/2020/0...-attacks-abuse-bitbucket-to-host-infostealer/

Thread starter	Title	Forum	Replies	Date
J	14,000 routers are infected by malware (mainly ASUS)	General Network Security	2	Mar 12, 2026
	WrtHug, a widespread compromise of ASUS routers (via AiCloud)	General Network Security	24	Nov 19, 2025
	“GreyNoise Discovers Stealthy Backdoor Campaign Affecting Thousands of ASUS Routers”	General Network Security	34	May 28, 2025

Search

Search

Hackers Hijack Routers’ DNS to Spread Malicious COVID-19 Apps

dave14305

Part of the Furniture

RMerlin

Asuswrt-Merlin dev

thiggins

Mr. Easy

Similar threads

Similar threads

Latest threads

Support SNBForums w/ Amazon

Sign Up For SNBForums Daily Digest

Members online

We value your privacy