Hackers exploiting vulnerable routers to drop malicious “WHO” COVID-19 app

In the wake of the Coronavirus (COVID-19) pandemic, we’ve seen cybercriminals take full advantage and launch a variety of attacks, as we have recently covered on HackRead.com. Just yesterday it was reported that hackers are actively targeting the World Health Organization (WHO).


Now, just yesterday, Bitdefender published a new report that highlights how attackers are using DNS hijacking against Linksys routers to trick users into downloading a piece of malware named “Oski infostealer”.


The payload is stored on Bitbucket, a legitimate and well-known version control and hosting service, which helps convince users that they are not being misled. Furthermore, a URL shortener, TinyURL, is used to conceal the original Bitbucket download link from the user.



To start with the details, the attackers try to brute-force the passwords of the routers they detect online. Elaborating on this, Bitdefender states:



It seems that attackers are bruteforcing some Linksys router models, either by directly accessing the router’s management console exposed online or by bruteforcing the Linksys cloud account.


Once this is done, they then change the domain name server sett ..