Linksys, D-Link Router Hacked to Spread Coronavirus Malware: What to Do Now (update)

Linksys, D-Link Router Hacked to Spread Coronavirus Malware: What to Do Now (update)

On April 15, Linksys reset all passwords for users' Smart Wi-Fi Remote Access accounts Details are as follows This article was originally published on March 27

If you have a Linksys or D-Link home Wi-Fi router, please check now that its admin password is strong and unique and that your router is not still using the factory default admin password

According to Bitdefender researchers and Bleeping Computer forum users, criminal hackers "brute force" your router's admin password over the Internet and change your router's DNS settings with Corona virus-themed malware because it allows them to attack your device

Your Internet traffic is then re-routed to fraudulent Coronavirus-related websites that attempt to infect your Windows computer with information-stealing malware that attempts to steal passwords, credit card numbers, session cookies, cryptocurrency

To protect yourself, the first thing you should do is change your router's administrator password to something unique and strong and reboot your router

Check the router's DNS settings for manual entries "10923435230" and "9410382249" If these numbers (actually IP addresses) are present, clear them, reboot the router, and reboot all devices in the home that connect to the Internet through the router

Don't let your browser store credit card numbers or important passwords -- they are too easy to hack It's too easy to be hacked

If you have the best antivirus program installed, it will likely detect the Windows malware downloaded by this campaign However, antivirus software cannot modify router settings

The DNS is like the Internet phone book, "wwwfoobarcom",」のようにコンピュータに入力したウェブサイトのアドレス(URL)を、「18822517230」のように見えるかもしれない一連の数字であるリアルネットワークのインターネットプロトコル(IP)アドレスに一致させる。(18822517230」のように見えるかもしれません(これは私が作ったもので、どこにも行きません)

but if hackers destroy your router, they can change the DNS settings so that "foobarcom" points to a completely different IP address When that happens, you may think you are accessing the real "foobarcom" -- it will show up in your browser's address bar -- but you are actually accessing a completely different website

That's what's happening here: according to Bitdefender's report, hackers are accessing Amazon, Disney, Cox, Reddit, University of Washington, University of Florida, and half a dozen other websites, redirecting intended traffic to websites that immediately pop up message windows

Bleeping Computer believes the situation is even worse It has evidence that corrupted DNS settings have hijacked Windows' built-in ability to periodically check Internet connections, resulting in almost every website popping up hacker messages

The message poses as the World Health Organization (WHO) and urges users to download and install an application that provides "the latest information and instructions on the coronavirus (COVID-19)"

Don't do it This application is really the Oski information-stealing Trojan, which is fairly new among information-stealing malware

D-Link and Linksys routers appear to be targeted because many home Wi-Fi routers from these brands ship with the remote access feature enabled by default When this feature is turned off, the only thing protecting the router from remote attacks is the strength of the administrator password

Linksys told The Register on April 15 that it locked all Linksys Smart Wi-Fi accounts on April 2 and then forced password resets on these accounts

Linksys Smart Wi-Fi allows users to "access their home network anytime, anywhere, from any mobile device"

"Linksys should have anticipated that thousands of users would use the same username and password for their smart Wi-Fi as they did for their other accounts

Not surprisingly: a series of attacks were launched to stuff Linksys routers with authentication information stolen in a data breach at another company

Jen Wei Warren, a Linksys spokesperson, told The Register, "The majority of the authentication requests [in these attacks] involved usernames that had never been registered on our system Multiple attempts were made using the same username with different passwords, which would not be necessary if our system had been compromised"

As mentioned earlier, if you have remote access enabled on your D-Link or Linksys home Wi-Fi router, turn off access The risks far outweigh the convenience

Categories