New Android Trojan Malware Poses Threat to Enterprises
A new brand of Trojan malware is on the loose and it’s targeting routers. If infected, this malware can take control of your company’s wireless network.
The new malware is being called Switcher Trojan, and it leverages those using an Android device. Switcher takes traffic from infected devices connected to a wireless network, and sends it directly to a cyber-criminal, according to Zdnet.com.
Kaspersky Lab researchers say Android malware hasn’t been used in this type of hack before. To start, the attacker reportedly tries to get into the router’s admin interface with a long and predefined list of log-in credentials. Once a cyber criminal gets their hands on those, Switcher changes the Domain Name Servers (DNS) settings of the router in order to re-route DNS queries. Plus, the hackers would then have the ability to watch the network’s traffic.
About 1,280 Wi-Fi networks have been affected with Switcher Trojan, Zdnet.com reported. Therefore, all of the users on those networks were put at risk.
The worst part about this malware: even if an attack is detected, it is often hard to get rid of the infection due to backup servers.
“A successful attack can be hard to detect and even harder to shift: the new settings can survive a router reboot, and even if the rogue DNS is disabled, the secondary DNS server is on hand to carry on,” Kaspersky Lab Cybersecurity Researcher Nikita Buchka told Zdnet.com.
This malware has only targeted internet users in China so far, but its predicted goal is to conjure a much larger reach utilizing two methods. One is to mask itself as a mobile client for a Chinese search engine and the other is centered around a Chinese mobile app that allows users to share network information.
If you think you’re at risk, change the default login and password on your network router.
Google did not respond to Zdnet’s request for a comment.