Tue. Dec 10th, 2019

The researcher found the hijacking campaign aimed at Brazilian bank customers

2 min read

A few days ago, the Radware security company discovered that a hacker was exploiting the security vulnerability of the router, and the security vulnerability could be used to modify the router configuration without authentication. The purpose of the hacker is to tamper with the router’s configuration and then direct the user to a hacker-controlled phishing website to steal the online banking login account and password.

Fortunately, because the hacker can not forge the bank’s digital certificate, it is intercepted by the browser. At present, no user has reported the loss of money due to such attacks. These router security vulnerabilities had been fixed a few years ago. These attacked users are caused by the fact that the firmware has not been updated so far.

The report said that hackers write automatic scripts and then scan a specific type of routers across the network. The script’s built-in attack code automatically performs the attack. Therefore, many users have been hacked but do not need to interact, so users are not aware that their routers have been controlled and modified by hackers.

The hacker mainly tampers with the router’s DNS server settings and modifies it to the hacker’s own controlled DNS server to control the websites visited by the user. But the hacker is very cautious, so users will not find problems when they visit most sites until they visit some banks’ online banking login addresses and start reporting errors.

On the phishing website, hackers ask users to provide critical information such as account numbers, passwords, mobile phone numbers, and even phishing websites to fake payment pages.