An Android Trojan capable of attacking routers controlling the wireless networks of its victims has been discovered by security researchers.
Called the Switcher Trojan, the malware is capable of redirecting all traffic from Wi-Fi connected devices on the network into the hands of cybercriminals. This could potentially lead to fraud and data theft.
Researchers at Kaspersky Lab who compiled the report say this is the first time an Android malware has been used to attack routers in this manner. The Trojan trespasses the router's admin interface by using a long, predefined list of password and login combinations. If the attack succeeds, the Trojan alters the Domain Name Servers (DNS) settings of the router, making it possible to reroute DNS queries on the infected network onto a network controlled by the hackers.
DNS-hijacking allows hackers to monitor all traffic on the network, providing them with all the information they need to carry out other cybercriminal or malicious activities. Once the hacker has control of the DNS, they can direct others who access it to a web page that looks the same, but contains extra content such as advertisements. They may also direct users to pages containing malware or a third-party search engine.
Prior to this, US security firm Proofpoint discovered an exploit kit called DNSChanger EK that aims to serve an endless series of malicious ads on every single website the user visits. This affected routers from many popular brands including models by Netgear, D-Link, Linksys, Pirelli, Zyxel and Comtrend.