Android device users are under threat from a newly-discovered Trojan, Kaspersky Lab has revealed. Rather than directly attacking the unsuspecting consumers, the malware uses them as tools to redirect traffic.
The Switcher Trojan works by changing routers’ DNS settings and redirecting the traffic from devices connected to the network to websites controlled by the attackers – leaving users vulnerable to phishing, malware and adware attacks.
Nikita Buchka, mobile security expert at Kaspersky Lab, said: “The Switcher Trojan marks a dangerous new trend in attacks on connected devices and networks. It does not attack users directly. Instead, it turns them into unwilling accomplices: physically moving sources of infection. The Trojan targets the entire network, exposing all its users, whether individuals or businesses, to a wide range of attacks – from phishing to secondary infection.
“A successful attack can be hard to detect and even harder to shift: the new settings can survive a router reboot, and even if the rogue DNS is disabled, the secondary DNS server is on hand to carry on. Protecting devices is as important as ever, but in a connected world we cannot afford to overlook the vulnerability of routers and Wi-Fi networks.”
The internet security firm says the attackers claim to have successfully infiltrated 1,280 wireless networks so far, mainly in China. The infection, as of right now, is spread by downloading one of two versions of the Trojan. The first is disguised as an Android client of the Chinese search engine, Baidu, and the other is a fake version of Chinese app WiFi万能钥匙 (WiFi Master Key).
Kaspersky recommends that all Android users check their DNS settings for the 220.127.116.11, 18.104.22.168 and 22.214.171.124 rogue servers.