01 October 18, 13:44
Quote:Over 100,000 routers have had their DNS settings modified to redirect users to phishing pages. The redirection occurs only when users are trying to access e-banking pages for Brazilian banks.
According to Netlab experts, the hackers are scanning the Brazilian IP space for routers that use weak or no passwords, accessing the routers' settings, and replacing legitimate DNS settings with the IPs of DNS servers under their control.
This change redirects all DNS queries that pass through the compromised routers to the malicious DNS servers, which respond with incorrect info for a list of 52 sites.
https://blog.netlab.360.com/70-different...ostdns-en/
Source: https://www.zdnet.com/article/gigantic-1...ian-banks/