Categories: Security

Windows And Android Malvertising Campaign Puts Home Routers Under Attack

Security researchers at Proofpoint have identified a new malvertising attack on internet routers which ensnares victim networks though legitimate websites hosting unknowingly distributed malicious advertisements.

Targeting Windows and Android devices, the ‘DNSChanger Exploit Kit’ (EK) preys on vulnerabilities in victims’ home or small office (SOHO) routers and attacks via infected web browsers.

Although initially limited to Android and Windows, once a router has been compromised all users who then connect to it will be vulnerable to further malvertising attacks, regardless of their browser or operating system.

Router raid

According to Proofpoint, the attacks occur “in waves that are likely associated with ongoing malvertising campaigns lasting several days.

“DNSChanger will use webRTC to request a STUN server via stun.services.mozilla[.]com and determine the victim’s local IP address. If the victim’s public IP is already known or their local IP is not in the targeted ranges, they will be directed to a decoy path where a legitimate advertisement from a third party ad agency is displayed. If the client passes this check then a fake advertisement will be displayed to the victim.”

A series of checks and decryptions then take place, with the attack being determined by the router model and whether there are any known vulnerabilities to exploit. Although Proofpoint says it is not possible to provide a definitive list of vulnerable routers, it has identified some that are at risk. These include the D-Link DSL-2740R, the COMTREND ADSL Router CT-5367 C01_R12 and the Netgear R6200.

Although there is “no simple way to protect against these attacks,” updating routers to the latest known firmware is suggested as “the best way to avoid exploits.” Disabling remote administration, changing the default local IP range and installing ad-blocking browser add-ons can also provide some protection.

Ultimately though, Proofpoint believes manufacturers should be doing more to increase security: “While users must take responsibility for firmware updates, device manufacturers must also make security straightforward and baked in from the outset, especially on equipment designed for the SOHO market.”

“It is incumbent upon router manufacturers to develop mechanisms for simple, user-friendly updates to their hardware.”

Are you a security pro? Try our quiz!

Sam Pudwell

Sam Pudwell joined Silicon UK as a reporter in December 2016. As well as being the resident Cloud aficionado, he covers areas such as cyber security, government IT and sports technology, with the aim of going to as many events as possible.

Recent Posts

Brazil Unfreezes Starlink, X Bank Accounts After Funds Transfer

Judge orders X, Starlink bank accounts unfrozen after $3.3m transfer pays off fines imposed on…

17 hours ago

Uber To Offer Waymo Robotaxi Rides In Austin, Atlanta

Uber expands deal with Waymo from Phoenix to Austin, Texas and Atlanta as it faces…

18 hours ago

GenAI Shopping: Revolutionising Retail Experiences

Discover how Generative AI is transforming the retail experience with personalised interactions, AI-powered search, and…

18 hours ago

US House Passes Bill Targeting Chinese EV Battery Tech

US House of Representatives passes bill restricting tax credits for electric vehicles using battery technology…

18 hours ago

NASA Mission To Jupiter’s Europa Gets Go-Ahead

NASA to launch 'Europa Clipper' mission to Jupiter's moon Europa next month as it seeks…

19 hours ago

Police Arrest Youth Over London Transport Hack

National Crime Agency arrests 17-year-old in Walsall over hack of Transport for London that compromised…

19 hours ago