Android joins the ‘attack-the-router’ club

January 16, 2017

Newly-discovered Trojan uses unsuspecting Android device users as tools to redirect traffic from WiFi-connected devices to websites controlled by the attackers.

Kaspersky Lab experts recently uncovered a remarkable evolution in Android OS malware: the Switcher Trojan. It treats unsuspecting Android device users as tools to infect Wi-Fi routers, changing the routers’ DNS settings and redirecting traffic from devices connected to the network to websites controlled by the attackers, leaving users vulnerable to phishing, malware and adware attacks and more. The attackers claim to have successfully infiltrated 1,280 wireless networks so far, mainly in China.

“The Switcher Trojan marks a dangerous new trend in attacks on connected devices and networks. It does not attack users directly. Instead, it turns them into unwilling accomplices: physically moving sources of infection. The Trojan targets the entire network, exposing all its users, whether individuals or businesses, to a wide range of attacks – from phishing to secondary infection. A successful attack can be hard to detect and even harder to shift: the new settings can survive a router reboot, and even if the rogue DNS is disabled, the secondary DNS server is on hand to carry on. Protecting devices is as important as ever, but in a connected world we cannot afford to overlook the vulnerability of routers and Wi-Fi networks,” said Nikita Buchka, mobile security expert, Kaspersky Lab.

Domain Name Servers (DNS) turn a readable web address such as ‘’ into the numerical IP address required for communications between computers. The ability of the Switcher Trojan to hijack this process gives the attackers almost complete control over network activity which uses the name-resolving system, such as internet traffic. The approach works because wireless routers generally reconfigure the DNS settings of all devices on the network to their own – thereby forcing everyone to use the same rogue DNS.

The infection is spread by users downloading one of two versions of the Android Trojan from a website created by the attackers. The first version is disguised as an Android client of the Chinese search engine, Baidu, and the other is a well-made fake version of a popular Chinese app for sharing information about Wi-Fi networks: WiFi万能钥匙.

When an infected device connects to a wireless network, the Trojan attacks the router and tries to brute-force its way to the web admin interface by guessing the password, relying on a long, predefined list of password and login combinations. If the attempt is successful, the Trojan exchanges the existing DNS server for a rogue one controlled by the cybercriminals, and also a secondary DNS, to ensure ongoing stability if the rogue DNS goes down.

The attackers have built a website to promote and distribute the Trojanized Wi-Fi app to users. The web server that hosts this site doubles as the malware authors’ command-and-control (C&C) server. Internal infection statistics spotted on an open part of this website reveal the attackers’ claims to have compromised 1,280 websites – potentially exposing all the devices connected to them to further attack and infection.

The company recommends that all users check their DNS settings and search for the following rogue DNS servers:

If you have one of these servers in your DNS settings, contact your ISP support or alert the owner of the Wi-Fi network. Kaspersky Lab also strongly advises users to change the default login and password for their router’s admin web interface to prevent such attacks in the future.
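One way to carry out the DNS check recommended above on a Linux or macOS client, as an added example that is not from Kaspersky Lab or the original article. The rogue server addresses are not present on this page, so `ROGUE_DNS` holds constructed placeholders from the RFC 5737 documentation ranges, and the function names and sample input are likewise assumptions.

```python
import ipaddress

# Constructed placeholders (RFC 5737 documentation ranges), NOT real indicators.
# Replace with the rogue DNS addresses published by the vendor.
ROGUE_DNS = {"192.0.2.53", "198.51.100.53", "203.0.113.53"}

# Constructed sample of resolv.conf-style settings handed out by a tampered router.
SAMPLE = """\
# constructed sample
nameserver 10.0.0.1
nameserver ::ffff:198.51.100.53   # secondary resolver
nameserver not-an-ip
"""

def parse_nameservers(resolv_conf_text):
    """Return the resolver addresses, in order, from resolv.conf-style text."""
    servers = []
    for raw in resolv_conf_text.splitlines():
        # Drop comments (# or ;) and surrounding whitespace.
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            try:
                # Strip any IPv6 zone id (fe80::1%eth0) before parsing.
                addr = ipaddress.ip_address(parts[1].split("%", 1)[0])
            except ValueError:
                continue  # malformed entry, not a usable resolver
            # Normalise IPv4-mapped IPv6 so ::ffff:a.b.c.d matches a.b.c.d.
            mapped = getattr(addr, "ipv4_mapped", None)
            servers.append(str(mapped or addr))
    return servers

def audit_resolvers(resolv_conf_text, rogue=ROGUE_DNS, expected=None):
    """Return (position, address, verdict) for every suspicious resolver.

    Every position is checked, because the secondary entry alone is enough
    to keep traffic flowing to the attacker if the primary is removed.
    """
    rogue_norm = {str(ipaddress.ip_address(r)) for r in rogue}
    findings = []
    for position, server in enumerate(parse_nameservers(resolv_conf_text), 1):
        if server in rogue_norm:
            findings.append((position, server, "rogue"))
        elif expected is not None and server not in expected:
            findings.append((position, server, "unexpected"))
    return findings

if __name__ == "__main__":
    for finding in audit_resolvers(SAMPLE, expected={"10.0.0.1"}):
        print(finding)
```

If the only resolver a client reports is the router's own address, the router is forwarding queries, so the same comparison has to be made against the DNS fields in the router's admin interface.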

Yvonne Asiko

I am a lover of art and music. A free spirit and thinker who finds life in expressing herself through her writing. Welcome to my subconscious mind.
