HomeLatest ThreadsGreatest ThreadsForums & GroupsMy SubscriptionsMy Posts
DU Home » Latest Threads » Forums & Groups » Main » General Discussion (Forum) » Tech Alert: Hackers Hijac...

Wed Mar 25, 2020, 09:30 AM

Tech Alert: Hackers Hijack Routers' DNS To Spread Malicious COVID-19 Apps

Posted by Slashdot (on Facebook) 30 mins ago:

From Bleeping Computer:

https://en.wikipedia.org/wiki/Bleeping_Computer


A new cyber attack is hijacking router's DNS settings so that web browsers display alerts for a fake COVID-19 information app from the World Health Organization that is the Oski information-stealing malware.

For the past five days, people have been reporting their web browser would open on its own and display a message prompting them to download a 'COVID-19 Inform App' that was allegedly from the World Health Organization (WHO).

After further research, it was determined that these alerts were being caused by an attack that changed the DNS servers configured on their home D-Link or Linksys routers to use DNS servers operated by the attackers.

As most computers use the IP address and DNS information provided by their router, the malicious DNS servers were redirecting victims to malicious content under the attacker's control.

"If your browser is randomly opening to a page promoting a COVID-19 information app, then you need to login to your router and make sure you configure it to automatically receive its DNS servers from your ISP," the report says.

It also recommends you set a strong password for your router and to disable remote administration.

"Finally, if you downloaded and installed the COVID-19 app, you should immediately perform a scan on your computer for malware.

Once clean, you should change all of the passwords for sites whose credentials are saved in your browser and you should change the passwords for any site that you visited since being infected."


15 replies, 833 views

Reply to this thread

Back to top Alert abuse

Always highlight: 10 newest replies | Replies posted after I mark a forum
Replies to this discussion thread
Arrow 15 replies Author Time Post
Reply Tech Alert: Hackers Hijack Routers' DNS To Spread Malicious COVID-19 Apps (Original post)
ancianita Mar 25 OP
Roland99 Mar 25 #1
ancianita Mar 25 #3
mikeysnot Mar 25 #5
Roland99 Mar 25 #6
mikeysnot Mar 25 #8
mikeysnot Mar 25 #2
ancianita Mar 25 #4
defacto7 Mar 25 #12
2naSalit Mar 25 #10
defacto7 Mar 25 #13
defacto7 Mar 25 #11
ancianita Mar 25 #14
dalton99a Mar 25 #15
FM123 Mar 25 #7
ancianita Mar 25 #9

Response to ancianita (Original post)

Wed Mar 25, 2020, 09:32 AM

1. First thing I did with my new router: change default user/pwd

Millions are probably still on factory default

Reply to this post

Back to top Alert abuse Link here Permalink


Response to Roland99 (Reply #1)

Wed Mar 25, 2020, 09:33 AM

3. Good. I've always used strong passwords for my routers, too.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to Roland99 (Reply #1)

Wed Mar 25, 2020, 09:34 AM

5. Ten years ago I went to a clients office to help

them and their router password was.... password1.


I changed that shit for them right away.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to mikeysnot (Reply #5)

Wed Mar 25, 2020, 09:36 AM

6. Or it's admin/admin

Reply to this post

Back to top Alert abuse Link here Permalink


Response to Roland99 (Reply #6)

Wed Mar 25, 2020, 09:43 AM

8. HAHHAHA

I just realized that it was 16 years ago.... holy shit time flies.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to ancianita (Original post)

Wed Mar 25, 2020, 09:32 AM

2. Never save you passwords

on you browser. I type them in from memory or from notes.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to mikeysnot (Reply #2)

Wed Mar 25, 2020, 09:34 AM

4. Good advice.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to ancianita (Reply #4)

Wed Mar 25, 2020, 11:33 AM

12. Take a glance at post 11

Reply to this post

Back to top Alert abuse Link here Permalink


Response to mikeysnot (Reply #2)

Wed Mar 25, 2020, 10:18 AM

10. Same here.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to 2naSalit (Reply #10)

Wed Mar 25, 2020, 11:34 AM

13. Post 11 might be of interest.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to mikeysnot (Reply #2)

Wed Mar 25, 2020, 11:30 AM

11. Actually typing them is not safe either.

Keyboard strokes are easily monitored by malicious code. The safest way to go is to have a text file with the password saved in a protected directory. Copy and paste it to the password form, bring up a new text file and type nonsense to it then copy that to erase your copy buffer.

It's a hassle but that's what I do with important site access like the bank.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to defacto7 (Reply #11)

Wed Mar 25, 2020, 11:38 AM

14. Excellent tip, thank you. Even though I don't do electronic banking, I'll use that for any other

important digital work I do.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to defacto7 (Reply #11)

Wed Mar 25, 2020, 11:39 AM

15. +1

Reply to this post

Back to top Alert abuse Link here Permalink


Response to ancianita (Original post)

Wed Mar 25, 2020, 09:38 AM

7. Thanks for sharing this important information.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to FM123 (Reply #7)

Wed Mar 25, 2020, 09:52 AM

9. Happy to. We have enough problems as it is without being scammed.

Reply to this post

Back to top Alert abuse Link here Permalink

Reply to this thread