Home » Feature Story » General » New Android ‘Switcher Trojan’ infects Wi-Fi routers by changing DNS settings

New Android ‘Switcher Trojan’ infects Wi-Fi routers by changing DNS settings

By Adamya Sharma | Updated on 05-Jun-2017
New Android ‘Switcher Trojan’ infects Wi-Fi routers by changing DNS settings
Adamya Sharma Adamya Sharma
05-Jun-2017
HIGHLIGHTS

The virus then redirects traffic from devices connected to the Wi-Fi network to websites controlled by attackers.

A new Android OS virus has been discovered by cybersecurity firm, Kaspersky Lab, and the same is being termed as ‘Switcher Trojan’. The virus infects Android OS powered devices and uses them as tools to infect a user’s Wi-Fi router. It then changes the DNS settings of the router and starts redirecting traffic from the Wi-Fi connected devices to websites controlled and operated by attackers, making users vulnerable to malware, phishing and adware attacks.

What happens is that when an IP address is assigned to a web address, the Switcher Trojan hijacks the process and gives the attackers complete control over the network activity.  This works because Wi-Fi routers usually change the DNS settings of all the devices connected to them, and reconfigure them to their own settings.

According to Kaspersky, “The infection is spread by users downloading one of two versions of the Android Trojan from a website created by the attackers. The first version is disguised as an Android client of the Chinese search engine, Baidu, and the other is a well-made fake version of a popular Chinese app for sharing information about Wi-Fi networks.” The company adds that the rogue DNS planted by attackers also has a secondary DNS as a backup, just in case the ongoing rogue DNS goes down. “The Switcher Trojan marks a dangerous new trend in attacks on connected devices and networks. It does not attack users directly. Instead, it turns them into unwilling accomplices: physically moving sources of infection. The Trojan targets the entire network, exposing all its users, whether individuals or businesses, to a wide range of attacks – from phishing to secondary infection. A successful attack can be hard to detect and even harder to shift: the new settings can survive a router reboot, and even if the rogue DNS is disabled, the secondary DNS server is on hand to carry on. Protecting devices is as important as ever, but in a connected world we cannot afford to overlook the vulnerability of routers and Wi-Fi networks,” said Nikita Buchka, mobile security expert, Kaspersky Lab.

The company warns that all users should check their DNS settings and search for the following rogue DNS servers:

  • 101.200.147.153

  • 112.33.13.11

  • 120.76.249.59

If any of these servers are found in DNS settings, then it is recommended that users contact their Internet Service Providers and change login IDs, passwords.

Adamya Sharma

Adamya Sharma

Managing editor, Digit.in - News Junkie, Movie Buff, Tech Whizz! View Full Profile

New Mobiles
iQOO Z9s 5GTecno Pova 6 NeoHonor 200 Literealme NARZO 70 Turbo 5G
Top-10s
Best OnePlus Mobile Phones in IndiaBest Motorola Smartphones in IndiaBest Gaming Phones under ₹10,000 in IndiaBest Quad Camera Mobile Phones in India
Latest News
Amazon Great Indian Festival 2024: Sale date, offers and more revealedBest Xiaomi smartphones under ₹15,000: September 2024Intel India Leaders on the AI PC Revolution: “The Tipping Point Is Now”Did Earth ever have rings like Saturn? Study links asteroid breakup to climate change
Digit

Digit.in is one of the most trusted and popular technology media portals in India. At Digit it is our goal to help Indian technology users decide what tech products they should buy. We do this by testing thousands of products in our two test labs in Noida and Mumbai, to arrive at indepth and unbiased buying advice for millions of Indians.

Follow us : logo logo logo logo logo logo
Company About Us Contact Us Advertise with us Regulatory Terms & Conditions Privacy Policy Disclaimer Complaint Redressal
Copyright © 2024 Bennett, Coleman & Company Limited All Rights Reserved.
Digit.in
Logo
Digit.in
Logo