Bitdefender found that users were redirected, through DNS hijacking, to a download page for a COVID-19 information app. After visiting the page, users do not download any app files; instead they are directly infected by malicious programs, and the hacker obtains encrypted wallet credentials and other private, sensitive information.
Bitdefender researchers said that the hackers attacked vulnerable routers and used brute force to guess the control panel passwords. This is not difficult, because many users leave the account credentials at their defaults. Once an attacker gains control of the router, changing its DNS settings is very easy.
DNS settings are very important, because DNS works like a phone book. Whenever users type in the name of a website, DNS services send them to the IP address that serves that particular domain name. In a nutshell, DNS works much like your smartphone's agenda: whenever you want to call someone, you just look up their name instead of having to memorize their phone number.
Once attackers change the DNS IP addresses, they can resolve any request and redirect users to webpages that attackers control, without anyone being the wiser.
Bitdefender researchers believe that approximately 1,200 people were affected by the attack and that the team has so far found four separate malicious Bitbucket repositories. Geographically, most of the victims appear to be from the United States, Germany, and France.
If you are concerned about this attack, Bitdefender recommends that you change the login credentials of the router control panel, update the router firmware, and, if you can, install a strong antivirus software suite.
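One way to check a machine for the changed DNS settings described above, as an added example that is not from Bitdefender: it flags resolvers outside an expected list and names whose local answers share nothing with a trusted resolver's answers. The expected resolver list, the sample `resolv.conf` text, and all addresses and answers are constructed assumptions.

```python
import ipaddress

# Constructed sample: resolv.conf as handed out by a router whose DNS was altered.
# 198.51.100.53 is a documentation-range address standing in for a rogue resolver.
SAMPLE_RESOLV_CONF = """\
# Generated by NetworkManager
search lan
nameserver 198.51.100.53
nameserver 192.168.1.1
"""

# Assumption: resolvers this network should use (router LAN range, chosen public ones).
EXPECTED_RESOLVERS = ["192.168.1.0/24", "1.1.1.1/32", "9.9.9.9/32"]

def parse_nameservers(text):
    """Return the nameserver values from resolv.conf-style text, skipping comments."""
    servers = []
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            servers.append(parts[1])
    return servers

def unexpected_resolvers(text, expected=EXPECTED_RESOLVERS):
    """Return configured resolvers that fall outside every expected network."""
    nets = [ipaddress.ip_network(n) for n in expected]
    flagged = []
    for raw in parse_nameservers(text):
        try:
            ip = ipaddress.ip_address(raw)
        except ValueError:
            flagged.append(raw)  # unparseable entry: report it rather than skip it
            continue
        if not any(ip in net for net in nets):
            flagged.append(raw)
    return flagged

def divergent_answers(local, trusted):
    """Names whose local answers share no address with the trusted resolver's."""
    return sorted(name for name, addrs in local.items()
                  if name in trusted and not set(addrs) & set(trusted[name]))

if __name__ == "__main__":
    # Constructed answers: what the local resolver and a trusted one returned.
    local = {"example.com": ["203.0.113.10"], "example.org": ["192.0.2.20"]}
    trusted = {"example.com": ["192.0.2.10"], "example.org": ["192.0.2.20"]}
    print("unexpected resolvers:", unexpected_resolvers(SAMPLE_RESOLV_CONF))
    print("divergent names:", divergent_answers(local, trusted))
```

Disjoint answers are a reason to inspect the router's DNS settings, not proof of hijacking, because CDNs and load balancers legitimately return different addresses to different resolvers.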