Hackers are targeting several popular router brands in an attempt to hack devices and gain access to home networks. Bitdefender's investigation found that criminals hack devices and change DNS settings to display browser alerts prompting users to download fake coronavirus information apps. D-Link and Linksys routers are the most affected, with hackers using a brute force attack to gain access to the router's admin panel. Once there, the hackers change your DNS settings to direct web traffic to their servers.
Router hijacking
Once the router is hijacked using specific IP addresses, the routers share the user's browsing information with the hackers' servers. Hackers also use a predefined list of websites that, when visited, are automatically redirected to another site to trick users into downloading the fake Covid-19 app, purportedly from the World Health Organization (WHO). Domains that have been used to redirect users to the fake website are:- www.amazon.com
- goo.gl
- bit.ly
- washington.edu
- imageshack.us
- ufl.edu
- disney.com
- cox.net
- xhamster.com
- pubads.g.doubleclick.net
- drunk
- redditblog.com
- fiddler2. com
- winimage.com