Gigantic 100,000-strong botnet used to hijack traffic meant for Brazilian banks

Gigantic 100,000-strong botnet used to hijack traffic meant for Brazilian banks - Printable Version

+- Geeks for your information (https://www.geeks.fyi)
+-- Forum: News (https://www.geeks.fyi/forumdisplay.php?fid=105)
+--- Forum: Privacy & Security News (https://www.geeks.fyi/forumdisplay.php?fid=107)
+--- Thread: Gigantic 100,000-strong botnet used to hijack traffic meant for Brazilian banks (/showthread.php?tid=3973)

Gigantic 100,000-strong botnet used to hijack traffic meant for Brazilian banks - silversurfer - 01 October 18

Quote:Over 100,000 routers have had their DNS settings modified to redirect users to phishing pages. The redirection occurs only when users are trying to access e-banking pages for Brazilian banks.

According to Netlab experts, the hackers are scanning the Brazilian IP space for routers that use weak or no passwords, accessing the routers' settings, and replacing legitimate DNS settings with the IPs of DNS servers under their control.

This change redirects all DNS queries that pass through the compromised routers to the malicious DNS servers, which respond with incorrect info for a list of 52 sites.

https://blog.netlab.360.com/70-different-types-of-home-routers-all-together-100000-are-being-hijacked-by-ghostdns-en/

Source: https://www.zdnet.com/article/gigantic-100000-strong-botnet-used-to-hijack-traffic-meant-for-brazilian-banks/