Hackers are hijacking routers to push malware-laden Covid-19 apps

(Image credit: Pixabay)

Well, this is crummy (albeit not surprising): hackers have begun targeting home and small-office routers, presumably ones protected by weak passwords, and changing their DNS settings so that users are silently redirected to malicious websites masquerading as legitimate Covid-19 resources.

"Covid-19 is a recurring theme that cybercriminals have been abusing to trap victims. Malicious reports involving coronavirus-themed malware have increased five-fold in March from February, with attackers using phishing scams that exploit coronavirus misinformation and fear regarding medical supply shortage," BitDefender states in a blog post.

According to BitDefender, attackers are focusing mostly on Linksys-brand routers, though Bleeping Computer notes that D-Link models have been hit by related attacks as well. In either case, the hackers appear to be "brute forcing" their way in: repeatedly guessing passwords and passphrases, either against the router's local admin interface or against the vendor's cloud account that provides remote management of the device.

Once inside, the attackers change the DNS server addresses the router uses and hands out to every device on the network. From then on, name lookups from those devices go to an attacker-controlled resolver, which can answer with any IP address it likes; in this campaign it points selected domains at websites purporting to be informational sites about the coronavirus pandemic.

"What’s interesting is that, by changing the DNS settings on the router, users would actually believe they’ve landed on a legitimate webpage, except that it’s served from a different IP address. For example, when users type 'example.com', instead of the webpage being served from a legitimate IP address, it would be served from an attacker-controlled IP that’s resolved by the malicious DNS settings," BitDefender explains.

"If the attacker-controlled webpage is a spot-on facsimile, users would actually believe they’ve landed on a legitimate webpage, judging from the domain name in the browser’s address bar," BitDefender adds.

The spoofed websites encourage users to download an informational Covid-19 app in order to "have the latest information and instructions about coronavirus." The app claims to be from the World Health Organization, but it is nothing of the sort; it is the malware the headline refers to.

Domains the malicious resolver redirects include washington.edu, aws.amazon.com, cox.net, disney.com, and redditblog.com, among others.
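To make the mechanism concrete, here is an added example in Python (written for this page, not BitDefender's, Linksys's or the attackers' code). It models the two sides of the exchange: a rogue resolver of the kind the router now hands out to clients, which answers honestly for most names but returns an attacker IP for a short hijack list, and an audit routine that resolves a list of domains through that resolver and flags any answer that differs from what a trusted resolver would give. The DNS messages are built and parsed in real RFC 1035 wire format, so the same parser would work on packets captured from a real router. All addresses, the "trusted" answers and the hijack list are constructed for the example; the hijacked names are taken from the article's domain list, the IPs are made up.

```python
import struct

# Constructed sample data for this example (illustrative, not real records).
ATTACKER_IP = "203.0.113.10"        # TEST-NET-3 address, never a real host
TRUSTED_ANSWERS = {                 # what a clean resolver would return (made up)
    "example.com": "93.184.216.34",
    "washington.edu": "128.95.155.135",
    "aws.amazon.com": "52.94.236.248",
    "pcgamer.com": "151.101.1.195",
}
HIJACKED_DOMAINS = {"example.com", "washington.edu", "aws.amazon.com"}


def build_query(name: str, txid: int = 0x1234) -> bytes:
    """Encode a standard DNS A query for `name` in RFC 1035 wire format."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)   # RD=1, QDCOUNT=1
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.rstrip(".").split("."))
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)   # QTYPE=A, QCLASS=IN


def _read_name(data: bytes, offset: int) -> tuple[str, int]:
    """Decode an uncompressed domain name at `offset`; return (name, next_offset)."""
    labels = []
    while data[offset] != 0:
        length = data[offset]
        labels.append(data[offset + 1:offset + 1 + length].decode("ascii"))
        offset += 1 + length
    return ".".join(labels), offset + 1


def rogue_resolve(query: bytes, answers: dict[str, str], hijack: set[str]) -> bytes:
    """Model the attacker-controlled resolver the router now points clients at:
    honest answers for most names, ATTACKER_IP for names in `hijack`."""
    txid = struct.unpack("!H", query[:2])[0]
    name, off = _read_name(query, 12)
    question = query[12:off + 4]                  # QNAME + QTYPE + QCLASS, echoed back
    if name in hijack:
        ip = ATTACKER_IP
    elif name in answers:
        ip = answers[name]
    else:                                         # unknown name: NXDOMAIN, no answer RR
        return struct.pack("!HHHHHH", txid, 0x8183, 1, 0, 0, 0) + question
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)   # QR=1, RD=1, RA=1, ANCOUNT=1
    rr = (b"\xc0\x0c"                                           # pointer to QNAME at offset 12
          + struct.pack("!HHIH", 1, 1, 60, 4)                   # A, IN, TTL 60, RDLENGTH 4
          + bytes(int(octet) for octet in ip.split(".")))
    return header + question + rr


def parse_response(data: bytes) -> tuple[str, list[str]]:
    """Return (queried name, list of A-record IPs) from a DNS response."""
    _txid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    if not flags & 0x8000:
        raise ValueError("not a DNS response")
    name, off = _read_name(data, 12)
    off += 4                                      # skip QTYPE and QCLASS
    ips = []
    for _ in range(ancount):
        if data[off] & 0xC0 == 0xC0:              # compressed owner name (2-byte pointer)
            off += 2
        else:
            _, off = _read_name(data, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", data[off:off + 10])
        off += 10
        if rtype == 1 and rclass == 1 and rdlen == 4:
            ips.append(".".join(str(b) for b in data[off:off + 4]))
        off += rdlen
    return name, ips


def audit(resolver, trusted: dict[str, str] = TRUSTED_ANSWERS) -> list[tuple[str, str, str]]:
    """Query every name in `trusted` through `resolver` (a bytes -> bytes callable
    standing in for the DNS server the router hands out) and report mismatches
    as (name, answer_from_router_dns, expected_answer)."""
    findings = []
    for name, expected in trusted.items():
        _, ips = parse_response(resolver(build_query(name)))
        if ips != [expected]:
            findings.append((name, ips[0] if ips else "NXDOMAIN", expected))
    return findings


if __name__ == "__main__":
    def router_dns(query: bytes) -> bytes:
        # Stand-in for the resolver a hijacked router advertises to its clients.
        return rogue_resolve(query, TRUSTED_ANSWERS, HIJACKED_DOMAINS)

    for name, got, expected in audit(router_dns):
        print(f"{name}: router DNS says {got}, trusted resolver says {expected}")
```

The point of the audit is that nothing on the victim's machine looks wrong: the browser shows the right domain name, and the only tell is that the address it resolves to differs from what an independent resolver returns. Against a real router you would replace `router_dns` with a UDP send to the DNS address listed in your DHCP lease and compare against a resolver you chose yourself.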

"It’s recommended that, besides changing the router’s control panel access credentials (which are hopefully not the default ones), users should change their Linksys cloud account credentials, or any remote management account for their routers, to avoid any takeovers via brute forcing or credential-stuffing attacks," BitDefender says.

In addition, make sure the router is running the latest firmware, and look at its DNS settings: if the DNS server addresses are ones you did not set, whoever put them there had administrative access to the device, so restore resolvers you trust and change every password and cloud credential associated with the router. If you do not need remote management, turning it off removes the cloud-side target for brute forcing altogether.

Paul Lilly

