Hijack attack aims to grab bank details via routers

Researchers at DDoS protection specialist Radware have uncovered an attack aimed at Brazilian bank customers that seeks to steal credentials via a compromised router.

It employs malware that targets DLink DSL modem routers using exploits dating back to 2015. A malicious agent attempts to modify the DNS server settings in the routers of Brazilian residents, redirecting all their DNS requests through a malicious server.

The malicious DNS server then hijacks requests for the host name of Banco de Brasil and redirects them to a fake, cloned website hosted on the same malicious DNS server, which has no connection whatsoever to the legitimate Banco de Brasil website.

Requests for another Brazilian financial institution, Itau Unibanco, are also being redirected, although it does not, as yet, have a cloned website. For all other DNS requests, the malicious server simply works as a forwarder and resolves just as an ISP DNS server would.

“This new attack is directly impacting the owners of IoT devices: the consumers,” says Radware cybersecurity evangelist Pascal Geenens. “We have seen many different attacks on IoT devices and botnets enslaving these vulnerable, unmanaged devices in the past, but most were not affecting the consumer directly. As long as their routers were still connecting them to the world wide web, consumers didn’t really care that their devices were involved in devastating DDoS attacks on online businesses or that their devices were helping to conceal targeted attacks of nation state-sponsored hackers. After BrickerBot, this is the second warning to consumers to start caring, be aware of the risks.”

What’s clever about this approach is that the hijacking is performed without any interaction from the user and with no need to infect the browser. Users may therefore be completely unaware of the change. The hijacking works without crafting or changing URLs in the user’s browser. A user can be using any browser and regular bookmarks; they can type in the URL manually or even use it from mobile devices, such as a smartphone or tablet. However they try to access it, the user will still be sent to the malicious website instead of to their requested address.

Users are advised to check the primary and secondary DNS server settings in the IP configuration of mobile devices, computers or routers. Modern browsers will clearly indicate an issue with the certificate of the fake website and this shouldn’t be ignored.
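One way to automate that check, as an added example that is not from the article or from Radware: the script below flags configured DNS servers outside an expected set and host names whose answer points back at the DNS server itself, the pattern described above. The resolv.conf-style input, the expected resolver list, the host names and all IP addresses are constructed sample data, and the per-host answers are assumed to have been collected separately from the configured servers and from a resolver you trust.

```python
import ipaddress

# Constructed sample data (documentation IP ranges, hypothetical host names).
SAMPLE_RESOLV_CONF = """\
# written by DHCP client
nameserver 203.0.113.10
nameserver 192.0.2.54   # secondary
nameserver not-an-ip
"""
EXPECTED_RESOLVERS = {"192.0.2.53", "192.0.2.54"}       # what the ISP should hand out
CONFIGURED_ANSWERS = {"bank.example": ["203.0.113.10"],  # via the configured servers
                      "news.example": ["198.51.100.7"],
                      "shop.example": ["198.51.100.99"]}
REFERENCE_ANSWERS = {"bank.example": ["198.51.100.20"],  # via a resolver you trust
                     "news.example": ["198.51.100.7"],
                     "shop.example": ["198.51.100.8"]}

def parse_nameservers(resolv_conf):
    """Return the valid nameserver IPs from resolv.conf-style text."""
    servers = []
    for line in resolv_conf.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            try:
                servers.append(str(ipaddress.ip_address(fields[1])))
            except ValueError:
                continue  # malformed entry, skip it
    return servers

def audit(servers, expected, configured, reference):
    """Return (severity, message) findings for servers and per-host answers."""
    findings = [("warn", f"unexpected DNS server {s}")
                for s in servers if s not in expected]
    for host, answers in configured.items():
        got, ref = set(answers), set(reference.get(host, ()))
        if got & set(servers):
            # The page's pattern: the cloned site sits on the DNS server itself.
            findings.append(("high", f"{host} resolves to the DNS server itself"))
        elif ref and not got & ref:
            # CDNs can legitimately return different addresses, so only warn.
            findings.append(("warn", f"{host} answer differs from reference"))
    return findings

if __name__ == "__main__":
    servers = parse_nameservers(SAMPLE_RESOLV_CONF)
    for severity, message in audit(servers, EXPECTED_RESOLVERS,
                                   CONFIGURED_ANSWERS, REFERENCE_ANSWERS):
        print(f"[{severity}] {message}")
```

A device that uses the router as its resolver will only show the router's own address here, so the same comparison also has to be made against the DNS servers set in the router's WAN or DHCP configuration.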

You can see more details of the attack on the Radware blog.

Image Credit Konstantinos Kokkinis/Shutterstock
