Brazilian users have been targeted by
a large number of router attacks aimed at modifying the configuration of their routers for malicious purposes.
This year, security experts at Avast have blocked more than 4.6 million
The campaign uncovered by Avast aimed at silently modifying the Brazilian users’ Domain Name System (DNS) settings to redirect victims to malicious websites mimicking legitimate ones.
Crooks targeted users of many major organizations, including Netflix and large banks like Santander, Bradesco, and Banco do Brasil.
A router CSRF attack could be launched by tricking victims into visiting a compromised website with malicious advertising (
“Avast frequently observes
Avast researchers also observed crooks using DNS hijacking to deliver crypto mining scripts to users’ browsers.
In April 2019, experts at Bad Packets uncovered a new wave of attacks mainly aimed at compromising D-Link routers, many of them hosted belonging to Brazilian users.
According to Avast, in the first half of 2019, hackers have modified the DNS settings of over 180,000 Brazilian routers with even more complex attacks.
The router attacks involved an exploit kit that attempts to find the router IP on a network, then attempts to guess the password using common login credentials.
“The password “gvt12345”, for example, suggests that hackers target users with routers from the former Brazilian internet service provider (ISP) GVT, which was acquired by Teleônica Brasil, and is the largest telecommunications company in the country.” states the analysis published by Avast. “The password “vivo12345” is used on routers distributed by the ISP Vivo, which is also Telefônica Brasil brand.”
Experts explained that the GhostDNS variant Novidade was one of the most active in router attacks against Brazilian users.
Avast confirmed that Novidade attempted to infect its users’ routers over 2.6 million times in February alone, the experts observed at least three campaigns spreading the malware.
In the past three months, experts also uncovered three
“Users should be careful when visiting their bank’s or Netflix’s website, and make sure the page has a valid certificate, by checking for the padlock in the browser URL bar. Additionally, users should frequently update their router’s firmware to the latest version, and set up their router’s login credentials with a strong password.” concludes Avast.
The post For nearly a year, Brazilian users have been targeted with router attacks appeared first on Security Affairs.