Security News Switcher Android Malware Hacks TP-Link Routers, Changes DNS Settings

[LASER_oneXM]

... some quotes from the article above:

An Android trojan named Switcher (Trojan.AndroidOS.Switcher) targets Android devices in order to take over local WiFi routers and hijack the web traffic passing through them.

Discovered by security researchers from Kaspersky Lab, this trojan is currently distributed among Chinese users as a clone of the official Baidu Android app (com.baidu.com), and as an application for sharing details and passwords about public and private WiFi networks (com.snda.wifilocating).

Switcher brute-forces local WiFi routers
The way this trojan works is by collecting information on the user's WiFi network after infecting a phone or tablet. Switcher sends this information to a public C&C server, which determines the user's ISP and decides on what DNS records to use at a later stage.
Once the trojan gets the go-ahead from its C&C server, Switcher attempts to login on the user's home WiFi router by trying a set of default admin credentials.

Hijacking DNS settings simplifies phishing operations

Hijacking DNS servers is an ancient malware technique, used by multiple families in the past. The reason behind hijacking DNS servers is to re-route users to clones of legitimate websites, hosted on the crooks' own servers.

This way, the attacker can collect login credentials for banking portals, social media profiles, online stores, and others.

More recently, exploit kits such as Stegano have also started targeting home routers, in order to hijack web traffic and insert unwanted ads.

 

[Dani Laub]

... some quotes from the article above:

I am currently being hacked apart. I have gathered a lot of information but don't know exactly what it all means. I don't know what malware it is. It resembles many I've investigated. Possible Ghost. I'm an older woman and don't know anything about all this terrible hacking. But it's been very emotionally draining for me. I feel like I'm being stalked and I'm scared. Please help!

 

[AtlBo]

Dani. If you look at the top of your browser, you should see a header titled "Malware Removal Assistance. Read and follow the instructions there on the page and in the link provided as much as you can. Then at the top of the same page on the right side, click on "Post New Thread". Include the type of device you are using in the title of the new thread and then that you have been hacked. In the body of the new thread, explain (according to what you read in the prepost instructions) the problem and then at the bottom of the page click to start your new thread. Someone will assist you as soon as they are available to do so. Shouldn't take too long.

 

[Dani Laub]

I hope my new thread posted.

 

[AtlBo]

I didn't see your post. Something must have gone wrong. This is the link you want:

Malware Removal Assistance

Before you scroll down, if you look to the right side of the page, you will see a button which says "Post New Thread". When you are ready to post, click on the button. The fill out the information and add the details of the problems you are having with your phone or computer into the white box at the bottom of the page. Then press the "Create Thread" button. That should create your new thread, and someone should help you soon.

Good luck. If you have any more difficulties creating your thread, please post here again. We will get your thread up somehow.

 

[Dani Laub]

As we speak this unknown network has tried to access my phone 5 times in the last 10 minutes. Who can help?

 

[AtlBo]

Dani. I'm not an expert on phones. I don't have a smart phone. It looks like to me that someone is targeting your phone remotely to use it as part of a network for DDOS attacks on a company or website or of the like. Just a guess. I think your software is effectively blocking the attack. The warning level is low, which could indicate that the source is some distance from you, although I don't know about this. I would suggest you blacklist the network (this is what I would do), but I don't know if you can. Is your phone working for you to be able to do this?

You may want to talk with your phone service provider. If nothing has reached your phone I think you will be OK phone-wise. They might be able to help you more on their end to block the attack. In the mean time, if you can, I recommend first trying to blacklist the connection. If it comes back as another connection, then I would call your internet service provider/phone service provider and see what they say.

Otherwise, you may elect to post in the Malware Assistance area. They are 100% here to help on a voluntary basis and will be happy to help you.

 

[Dani Laub]

Dani. I'm not an expert on phones. I don't have a smart phone. It looks like to me that someone is targeting your phone remotely to use it as part of a network for DDOS attacks on a company or website or of the like. Just a guess. I think your software is effectively blocking the attack. The warning level is low, which could indicate that the source is some distance from you, although I don't know about this. I would suggest you blacklist the network (this is what I would do), but I don't know if you can. Is your phone working for you to be able to do this?

You may want to talk with your phone service provider. If nothing has reached your phone I think you will be OK phone-wise. They might be able to help you more on their end to block the attack. In the mean time, if you can, I recommend first trying to blacklist the connection. If it comes back as another connection, then I would call your internet service provider/phone service provider and see what they say.

Otherwise, you may elect to post in the Malware Assistance area. They are 100% here to help on a voluntary basis and will be happy to help you.

 

[Dani Laub]

Thank you once again for the advice and encouragement

 

[AtlBo]

You're welcome. Hope you get your phone back quickly.

 

[Solarquest]

I would download through Google play Bitdefender and run a scan of memory and apps while waiting for help from the removal help forum.
There is a free version, Bitdefender antivirus free.
Pls let us know if and what it found, malware, shareware, pup.