Wednesday, December 28, 2016

Trojan Switcher: Android joins the group of devices, the attacker … – PCLab.pl

you Are in section press releases. Posted here the materials were developed by the company is not connected
by the editors PCLab.pl or Group Onet.pl SA. Edition PCLab.pl is not responsible for the content of the next release.

Experts of “Kaspersky Lab” has found an unusual evolution in the field of malicious software for Android Switcher. Pest refers to devices of unsuspecting users as a tool to infect the routers Wi-Fi, changing their DNS settings and route traffic from devices connected to the network of websites controlled by the attackers. Thus, users are vulnerable to phishing attacks, malware, adware and other threats, and also spread infection. The attackers claim that still managed to penetrate up to 1 280 wireless networks, mostly in China.

DNS Servers “explain” the web address in the form literowej, such as, ‘x.com’ on the numeric IP address needed for communication between computers. Submitted by Trojan Switcher the ability to capture this process means that cybercriminals have virtually full control over the activities of the network, which uses the name resolution system, such as Internet traffic. This method works because wireless routers usually rekonfigurują DNS settings for all devices on your network – forcing the use of one and the same about the DNS server on all devices connected to the network.

Infection to spread through users who download one of two versions of Trojan for Android with website created by criminals. The first version masquerades as designed for the Android client Chinese search engine Baidu, and the second about a well-made version of the popular Chinese applications to disseminate information about Wi-Fi networks.

When your device connects to the wireless network, trojan attacks the router and trying to access the admin interface using the method of power, relying on a long ready list of combinations of passwords and logins. If this attempt fails, then the trojan replaces the current address of the DNS server to false, controlled by attackers. To ensure stability in the event of an exception about the server, the attacker can add additional address.

To promote Trojan podszywającego under the popular app, cybercriminals have created a special website. The infrastructure in which it is stored, performs the role of server used by the attackers to control your malware. Internal statistics on the number of infections that were seen by analysts in the open part of this site, show that, in the opinion of the attacking infected was 1 280 Wi-Fi network, potentially exposing all the associated devices for further attacks and infection.

“Trojan Switcher signals a dangerous new trend associated attacks on devices connected to the network, and the network. Not attacking users in a direct way. Instead, turns them into involuntary shareholders: the physical, moving the source of the infection. Trojan attacks the entire network, exposing all its users, both individual and companies on a wide range of attacks – from phishing, adware, and malware further. Effective attack can be difficult to detect and even more difficult to neutralize: the new settings can survive to restart the router, and even when false, the DNS server is disabled, its performance may grab the supporting infrastructure. Device security is as important as always, but in the world oplecionym dense network calls, we can’t afford to ignore vulnerable routers and Wi-Fi network," said Nikita Ul, an expert on mobile security, “Kaspersky Lab”.

“Kaspersky’s Laboratory” recommends to all users to check the DNS settings in their network devices, and to look for the next fake DNS servers: 101.200.147.153, 112.33.13.11, 120.76.249.59. If in the settings is one of the listed addresses, you should immediately contact the technical support Department provider Internet services or to notify the owner of a Wi-Fi network. The Kaspersky Lab experts also recommend all users to change the default login and password to access their routers – this will help prevent such attacks in the future.

the technical Details about the Trojan Switcher available on the page https://kas.pr/DB3K.

Information can be used freely, subject to the instructions of the company “Kaspersky Lab” as the source.

All press releases Kaspersky Lab Polska is available on the page http://www.kaspersky.pl/nowosci.

LikeTweet

No comments:

Post a Comment