A newly-discovered Trojan named “Switcher Trojan” uses Android devices to infect Wi-Fi routers, changing the routers’ DNS settings and redirecting traffic from devices connected to the network to websites controlled by the attackers, leaving users vulnerable to phishing, malware and adware attacks and more.
The ability of the Switcher Trojan to hijack the DNS process gives the attackers almost complete control over network activity which uses the name-resolving system, such as internet traffic. The approach works because wireless routers generally reconfigure the DNS settings of all devices on the network to their own – thereby forcing everyone to use the same rogue DNS.
The infection is propagated by users downloading one of two versions of the Android Trojan from a website created by the attackers. The first version is disguised as an Android client of the Chinese search engine, Baidu, and the other is a well-made fake version of a popular Chinese app for sharing information about Wi-Fi networks.
IS Buzz News
Mauritian Computer Emergency Response Team (CERT-MU)
National Computer Board
7th Floor, Stratton Court
La Poudriere Street