It’s not longer a surprise now a days to find a new Android Malware. Therefore, at Kaspersky Lab researchers have came across new Android Trojan which they are assuming is “quite unique”. “Switcher” is said to be the latest Android Trojan that doesn’t attacks the user but the router of Wi-Fi from which the user is connected to. Switcher hacks the wireless routers and changes its DNS settings to redirect the traffic of various websites. interesting , right! Well here is how it works. It is disguised as an Android client for the Chinese search engine Baidu. Sharing and locating the Wi-Fi login information by using the Chinese app.

Routers Being Infected By DNS Hijacking, Android Trojan. When the user install any kind of these applications the malware attempts to launch a brute-force attack to know the password. Which is known as DNS hijacking, on the router`s admin web interface, the switcher performs the brute force password guessing attack. If it succeeds, the address of the DNS servers in the router settings is being changed and rerouting all the DNS queries from the connected devices to the servers of the attackers. It tries to login with the help of JavaScript using different combinations of passwords and logins.

dnschanger router malware Wireless Routers are Being Hijacked By A New Android Malware, A New Threat.via: thehackernews.com

Judged by the hard-coded name of the structures of HTML documents and the input fields that Trojan tries to access, JavaScript code will only work on the web interface of TP-LINK Wi-Fi routers.The assault of the brute force is launched with a predefined lexicon of username and password blends, including admin:admin, admin:123456, admin:1111111, admin:00000000, and so forth.
On the off chance that the interface is accessed, the Android trojan then replaces the gadget’s essential and auxiliary DNS servers with IP addresses that indicate maverick servers. The DNS (Domain Name System) is utilized for settling comprehensible names (e.g. google.com) into an IP address. Whenever assaulted, the web router will impart “with a totally extraordinary system asset. This could be a fake google.com, sparing all your pursuit demands and sending them to the cyber-criminals, or it could simply be an irregular site with a group of fly up advertisements or malware.”

Ring unveiled a floodlight cam at CES and it's equipped with a new siren

Following pictures demonstrate the distinctions in how these questions are processed.

router dns android malware Wireless Routers are Being Hijacked By A New Android Malware, A New Threat.via: thehackernews.com

“Undoubtedly, the similar configuration for the router of Wi-Fi involves making up the DNS setting for the device being connected to it as same as its own. Therefore forcing all the devices using the same Rouge network DNS” warned by Buchka. “The entire network of the Trojan target, exposing all its users, whether businessman or individuals.