We identified a new
exploit kit we named Novidade that targets home or small office routers by changing their Domain Name System (DNS) settings via
cross-site request forgery (CSRF), enabling attacks on a victim’s mobile device or desktop through web applications in which they’re authenticated with. Once the DNS setting is changed to that of a malicious server, the attacker can execute a pharming attack, redirecting the targeted website traffic from all devices connected to the same router by resolving targeted domains to the IP address of their server.
The earliest Novidade sample we found was from August 2017, and two different variants were identified since.
... ... ...