Cybersecurity firm Kaspersky Lab has found another piece of Android malware, which it has named the ‘Switcher Trojan’. The malware infects Android devices and uses them as tools to infect a user’s Wi-Fi router. It then changes the router’s DNS settings and begins redirecting traffic from devices connected to the Wi-Fi network to websites controlled and operated by the attackers, leaving users vulnerable to malware, phishing and adware attacks.
When a web address is resolved to an IP address, the Switcher Trojan hijacks the process and gives the attackers complete control over network activity. This works because Wi-Fi routers generally reconfigure the DNS settings of all the devices connected to them to match their own.
According to Kaspersky, “The infection is spread by users downloading one of two versions of the Android Trojan from a website created by the attackers. The first version is disguised as an Android client of the Chinese search engine, Baidu, and the other is a well-made fake version of a popular Chinese app for sharing information about Wi-Fi networks.”
The company adds that the rogue DNS server planted by the attackers also has a secondary DNS server as a backup, in case the active rogue DNS server goes down.
“The Switcher Trojan marks a dangerous new trend in attacks on connected devices and networks. It does not attack users directly. Instead, it turns them into unwilling accomplices: physically moving sources of infection. The Trojan targets the entire network, exposing all its users, whether individuals or businesses, to a wide range of attacks – from phishing to secondary infection. A successful attack can be hard to detect and even harder to shift: the new settings can survive a router reboot, and even if the rogue DNS is disabled, the secondary DNS server is on hand to carry on. Protecting devices is as important as ever, but in a connected world we cannot afford to overlook the vulnerability of routers and Wi-Fi networks,” said Nikita Buchka, mobile security expert, Kaspersky Lab.
The company warns that all users should check their DNS settings and search for the following rogue DNS servers:
Users who find any of these servers in their DNS settings are advised to contact their ISP and change their login IDs and passwords.
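The DNS check recommended above can be scripted; the following Python code is an added example, not from Kaspersky or the original article. It assumes a resolv.conf-style resolver list, and `ROGUE_DNS`, `EXPECTED_DNS` and the sample input are constructed placeholders: replace the rogue addresses with the servers named in the advisory.

```python
import ipaddress

# Placeholders from RFC 5737 documentation ranges, NOT the real rogue servers:
# replace with the addresses published in the advisory.
ROGUE_DNS = {"192.0.2.53", "198.51.100.53", "203.0.113.53"}
# Assumption: the resolvers this network is supposed to use (e.g. the ISP's).
EXPECTED_DNS = {"9.9.9.9", "149.112.112.112"}

# Constructed sample: the primary looks normal, a backup slot is rogue.
SAMPLE = """\
# resolv.conf (constructed)
nameserver 9.9.9.9
nameserver 198.51.100.53
nameserver 192.168.1.1
nameserver not-an-ip
search lan
"""

def parse_nameservers(text):
    """Return the nameserver IPs, in order, from resolv.conf-style text."""
    servers = []
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            try:
                servers.append(str(ipaddress.ip_address(parts[1])))
            except ValueError:
                continue  # malformed entry, ignore
    return servers

def classify(servers, rogue=ROGUE_DNS, expected=EXPECTED_DNS):
    """Label every configured resolver, primary and backups alike."""
    report = {}
    for ip in servers:
        if ip in rogue:
            report[ip] = "ROGUE"
        elif ip in expected:
            report[ip] = "expected"
        elif ipaddress.ip_address(ip).is_private:
            # The router forwards queries: inspect the router's own DNS fields.
            report[ip] = "inconclusive"
        else:
            report[ip] = "unknown"
    return report

def is_compromised(report):
    """True if any slot, including a secondary one, holds a rogue server."""
    return "ROGUE" in report.values()

if __name__ == "__main__":
    print(classify(parse_nameservers(SAMPLE)))
```

Every slot is checked because the article notes that the attackers keep a secondary rogue server as a backup, so a clean-looking primary entry proves nothing on its own.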