Welcome to DU!
The truly grassroots left-of-center political community where regular people, not algorithms, drive the discussions and set the standards.
Join the community:
Create a free account
Support DU (and get rid of ads!):
Become a Star Member
Latest Breaking News
General Discussion
The DU Lounge
All Forums
Issue Forums
Culture Forums
Alliance Forums
Region Forums
Support Forums
Help & Search
General Discussion
Related: Editorials & Other Articles, Issue Forums, Alliance Forums, Region ForumsTech Alert: Hackers Hijack Routers' DNS To Spread Malicious COVID-19 Apps
Posted by Slashdot (on Facebook) 30 mins ago:From Bleeping Computer:
https://en.wikipedia.org/wiki/Bleeping_Computer
A new cyber attack is hijacking router's DNS settings so that web browsers display alerts for a fake COVID-19 information app from the World Health Organization that is the Oski information-stealing malware.
For the past five days, people have been reporting their web browser would open on its own and display a message prompting them to download a 'COVID-19 Inform App' that was allegedly from the World Health Organization (WHO).
After further research, it was determined that these alerts were being caused by an attack that changed the DNS servers configured on their home D-Link or Linksys routers to use DNS servers operated by the attackers.
As most computers use the IP address and DNS information provided by their router, the malicious DNS servers were redirecting victims to malicious content under the attacker's control.
"If your browser is randomly opening to a page promoting a COVID-19 information app, then you need to login to your router and make sure you configure it to automatically receive its DNS servers from your ISP," the report says.
It also recommends you set a strong password for your router and to disable remote administration.
"Finally, if you downloaded and installed the COVID-19 app, you should immediately perform a scan on your computer for malware.
Once clean, you should change all of the passwords for sites whose credentials are saved in your browser and you should change the passwords for any site that you visited since being infected."
For the past five days, people have been reporting their web browser would open on its own and display a message prompting them to download a 'COVID-19 Inform App' that was allegedly from the World Health Organization (WHO).
After further research, it was determined that these alerts were being caused by an attack that changed the DNS servers configured on their home D-Link or Linksys routers to use DNS servers operated by the attackers.
As most computers use the IP address and DNS information provided by their router, the malicious DNS servers were redirecting victims to malicious content under the attacker's control.
"If your browser is randomly opening to a page promoting a COVID-19 information app, then you need to login to your router and make sure you configure it to automatically receive its DNS servers from your ISP," the report says.
It also recommends you set a strong password for your router and to disable remote administration.
"Finally, if you downloaded and installed the COVID-19 app, you should immediately perform a scan on your computer for malware.
Once clean, you should change all of the passwords for sites whose credentials are saved in your browser and you should change the passwords for any site that you visited since being infected."
InfoView thread info, including edit history
TrashPut this thread in your Trash Can (My DU » Trash Can)
BookmarkAdd this thread to your Bookmarks (My DU » Bookmarks)
15 replies, 1393 views
ShareGet links to this post and/or share on social media
AlertAlert this post for a rule violation
PowersThere are no powers you can use on this post
EditCannot edit other people's posts
ReplyReply to this post
EditCannot edit other people's posts
Rec (5)
ReplyReply to this post
15 replies
= new reply since forum marked as read
Highlight:
NoneDon't highlight anything
5 newestHighlight 5 most recent replies
Tech Alert: Hackers Hijack Routers' DNS To Spread Malicious COVID-19 Apps (Original Post)
ancianita
Mar 2020
OP
Roland99
(53,342 posts)1. First thing I did with my new router: change default user/pwd
Millions are probably still on factory default
ancianita
(36,053 posts)3. Good. I've always used strong passwords for my routers, too.
mikeysnot
(4,756 posts)5. Ten years ago I went to a clients office to help
them and their router password was.... password1.
I changed that shit for them right away.
Roland99
(53,342 posts)6. Or it's admin/admin
I just realized that it was 16 years ago.... holy shit time flies.
mikeysnot
(4,756 posts)2. Never save you passwords
on you browser. I type them in from memory or from notes.
ancianita
(36,053 posts)4. Good advice.
defacto7
(13,485 posts)12. Take a glance at post 11
2naSalit
(86,586 posts)10. Same here.
defacto7
(13,485 posts)13. Post 11 might be of interest.
defacto7
(13,485 posts)11. Actually typing them is not safe either.
Keyboard strokes are easily monitored by malicious code. The safest way to go is to have a text file with the password saved in a protected directory. Copy and paste it to the password form, bring up a new text file and type nonsense to it then copy that to erase your copy buffer.
It's a hassle but that's what I do with important site access like the bank.
ancianita
(36,053 posts)14. Excellent tip, thank you. Even though I don't do electronic banking, I'll use that for any other
important digital work I do.
FM123
(10,053 posts)7. Thanks for sharing this important information.
ancianita
(36,053 posts)9. Happy to. We have enough problems as it is without being scammed.