Switcher: This Android Malware Attacks Your Wi-Fi Router And …

Short Bytes: A dangerous Android malware named Trojan.AndroidOS.Switcher has been detected by the security researchers at Kaspersky Lab. The malware, disguised as two different mobile apps, tries to brute force the password of Wi-Fi routers and control the whole network. Surprisingly, the malicious settings even manage to survive a router reboot. Researchers have listed a few rogue DNS servers that users need to check.

Malware targeting the Android operating system isn't new, though we keep seeing different varieties from time to time. One such new Android malware, dubbed Trojan.AndroidOS.Switcher, has been discovered by the researchers at Kaspersky Lab.

The way this malware works makes it pretty unique. Instead of attacking the user, Switcher targets the Wi-Fi network the user is connected to (or the Wi-Fi router of the network).

Switcher performs a brute-force attack and guesses the password of the router's web interface. If it's successful, the trojan changes the DNS server addresses stored in the router's settings.

This step reroutes all DNS queries from the devices in the compromised network to the servers of the hackers. It's also known as DNS hijacking.

DNS Hijacking achieved by Switcher

Two versions of Trojan.AndroidOS.Switcher malware

The security researchers have identified two versions of the Switcher malware. The first version, with package name com.baidu.com, pretends to be a mobile client for the Chinese search giant Baidu.

The second version, named com.snda.wifi, disguises itself as a version of a popular Chinese app that shares Wi-Fi information between users.

The cyber criminals have even created a website that distributes and advertises these fake apps. Also, the web server of the website and the malware's C&C server are the same.

Rogue DNS settings survive even a reboot of the router

Due to the DNS hijacking, the victim will be fooled into communicating with an entirely different network, which can take you to a fake Google or Facebook. Also, by targeting the whole network, all the users are exposed to a wide range of attacks. It's also worrying to see that the changed settings won't be reverted even after a reboot.

You can read more details about the malware on Kaspersky's blog.

Search for these rogue DNS servers

You are advised to check your DNS settings and search for these rogue DNS servers. If you find one of these, alert your ISP or the owner of the Wi-Fi network:

  • 101.200.147.153
  • 112.33.13.11
  • 120.76.249.59
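
One way to automate this check on a computer attached to the network, as an added example that is not from the original article or from Kaspersky: it extracts the resolver addresses from `/etc/resolv.conf`-style text or from Windows `ipconfig /all` output (including the unlabeled second-server line) and compares them with the three addresses above. The function names and both sample texts are constructed for illustration.

```python
import ipaddress
import re

# Rogue DNS servers listed in the article above.
ROGUE_DNS = {"101.200.147.153", "112.33.13.11", "120.76.249.59"}
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

# Constructed sample inputs (not captured from a real host).
WINDOWS_SAMPLE = """\
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 8.8.8.8
                                       101.200.147.153
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""
RESOLV_SAMPLE = "nameserver 192.168.1.1\nnameserver 112.33.13.11\n#nameserver 120.76.249.59\n"


def _valid_ips(text):
    """Return the syntactically valid IPv4 addresses found in text."""
    found = []
    for candidate in IPV4.findall(text):
        try:
            found.append(str(ipaddress.IPv4Address(candidate)))
        except ipaddress.AddressValueError:
            pass  # out-of-range octets, e.g. 999.1.1.1
    return found


def dns_servers(config_text):
    """Extract resolver addresses from resolv.conf or `ipconfig /all` text."""
    servers, in_dns_block = [], False
    for raw in config_text.splitlines():
        stripped = raw.split("#", 1)[0].strip()  # drop resolv.conf comments
        lowered = stripped.lower()
        if lowered.startswith("nameserver"):
            servers += _valid_ips(stripped)
        elif lowered.startswith("dns servers"):
            servers += _valid_ips(stripped)
            in_dns_block = True
        elif in_dns_block and stripped and ". :" not in stripped:
            servers += _valid_ips(stripped)  # unlabeled continuation line
        else:
            in_dns_block = False
    return servers


def rogue_hits(config_text):
    """Return configured resolvers that match the article's rogue list."""
    return [ip for ip in dns_servers(config_text) if ip in ROGUE_DNS]
```

If the host only lists the router's own address as its resolver, the router is forwarding queries itself, so the DNS fields in the router's admin page still have to be checked directly.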
