Security flaws in Android have stopped being a novelty and have become something accepted as almost "normal". It is not a perfect system, and it is the most widely used one, which exposes it more to security problems.
A new piece of malware has been discovered that, instead of stealing users' data, prefers to attack the routers the user connects to, changing their DNS settings.
This new Android malware, called Switcher, takes a totally different approach from what we have seen until now. It does not focus on users' data or on the operating system itself. It prefers to attack other elements of the network the smartphone is connected to, with Internet access routers as its preferred target, where it tries to change the configured DNS servers.
By doing so, it gains greater control over the remaining equipment and ensures a much greater impact, since every device connected to the affected network starts using these new DNS servers.
How this attack works on Android
As we said before, Switcher does not go after Android itself; it uses it as a means of reaching the routers that provide Internet access, spreading through the wireless networks the Android device connects to. The idea of this malware is to change the configured DNS servers so that others, controlled by the attacker, are used instead.
To gain access to these routers, Switcher uses a brute-force technique, trying to guess the login credentials using well-known dictionaries.
After gaining access to the router, it detects what equipment it is and changes the configured DNS servers, using JavaScript and web access. The router brand Switcher targets most is TP-Link.
By making this change, it alters the servers used by all the equipment that connects to this network, because most devices receive these servers through the DHCP service.
The end result is that users are forwarded to sites that have nothing to do with those they want to visit, where they will receive unwanted advertising and, probably, even new malware and virus infections.
From what we know, this malware is being spread through a fake Baidu search application and another that is dedicated to sharing access to wireless networks.
This is all the more reason to be extra careful and not leave equipment configured with factory passwords or with simple, easy-to-guess passwords. Up to now there is still no solution to this problem.
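Because clients receive their DNS servers over DHCP, a changed router setting shows up in each client's resolver configuration. The following added example (not part of the original article) audits resolv.conf-style text against an allowlist; the sample text, the allowlist and all addresses are constructed placeholders from documentation ranges, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample of DHCP-written resolver config; addresses come from
# documentation ranges (RFC 5737) and are not real indicators.
SAMPLE_RESOLV_CONF = """\
# written by the DHCP client (constructed sample)
nameserver 203.0.113.53
nameserver 192.168.1.1
nameserver 198.51.100.7
nameserver not-an-ip
"""

# Assumption: the resolvers this network is supposed to hand out.
EXPECTED_RESOLVERS = {"198.51.100.7", "198.51.100.8"}

# LAN, loopback and link-local ranges: a resolver here is only a forwarder.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "::1/128", "fc00::/7", "fe80::/10")]


def parse_nameservers(text):
    """Return the nameserver values from resolv.conf-style text, in order."""
    servers = []
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split(";", 1)[0].split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            servers.append(parts[1])
    return servers


def audit_resolvers(text, expected):
    """Label each nameserver: expected, forwarder, unexpected or invalid."""
    allowed = {ipaddress.ip_address(a) for a in expected}
    report = []
    for raw in parse_nameservers(text):
        try:
            addr = ipaddress.ip_address(raw.split("%", 1)[0])  # drop zone id
        except ValueError:
            report.append((raw, "invalid"))
            continue
        if addr in allowed:
            verdict = "expected"
        elif any(addr in net for net in LOCAL_NETS):
            # The router answers locally; its upstream DNS setting still
            # has to be checked in the router's own configuration.
            verdict = "forwarder"
        else:
            verdict = "unexpected"
        report.append((raw, verdict))
    return report
```

An "unexpected" entry means the network is handing out a public resolver nobody configured on purpose; a "forwarder" entry is not a clean result on its own, since the router's upstream servers may be the ones that were changed.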