Categories: Security

Windows And Android Malvertising Campaign Puts Home Routers Under Attack

Security researchers at Proofpoint have identified a new malvertising attack on internet routers which ensnares victim networks though legitimate websites hosting unknowingly distributed malicious advertisements.

Targeting Windows and Android devices, the ‘DNSChanger Exploit Kit’ (EK) preys on vulnerabilities in victims’ home or small office (SOHO) routers and attacks via infected web browsers.

Although initially limited to Android and Windows, once a router has been compromised all users who then connect to it will be vulnerable to further malvertising attacks, regardless of their browser or operating system.

Router raid

According to Proofpoint, the attacks occur “in waves that are likely associated with ongoing malvertising campaigns lasting several days.

“DNSChanger will use webRTC to request a STUN server via stun.services.mozilla[.]com and determine the victim’s local IP address. If the victim’s public IP is already known or their local IP is not in the targeted ranges, they will be directed to a decoy path where a legitimate advertisement from a third party ad agency is displayed. If the client passes this check then a fake advertisement will be displayed to the victim.”

A series of checks and decryptions then take place, with the attack being determined by the router model and whether there are any known vulnerabilities to exploit. Although Proofpoint says it is not possible to provide a definitive list of vulnerable routers, it has identified some that are at risk. These include the D-Link DSL-2740R, the COMTREND ADSL Router CT-5367 C01_R12 and the Netgear R6200.

Although there is “no simple way to protect against these attacks,” updating routers to the latest known firmware is suggested as “the best way to avoid exploits.” Disabling remote administration, changing the default local IP range and installing ad-blocking browser add-ons can also provide some protection.

Ultimately though, Proofpoint believes manufacturers should be doing more to increase security: “While users must take responsibility for firmware updates, device manufacturers must also make security straightforward and baked in from the outset, especially on equipment designed for the SOHO market.”

“It is incumbent upon router manufacturers to develop mechanisms for simple, user-friendly updates to their hardware.”

Are you a security pro? Try our quiz!

Sam Pudwell

Sam Pudwell joined Silicon UK as a reporter in December 2016. As well as being the resident Cloud aficionado, he covers areas such as cyber security, government IT and sports technology, with the aim of going to as many events as possible.

Recent Posts

Norway Hit By DDoS Cyber Attacks From Pro Russian Group

Norwegian national security agency warns pro-Russian group has targetted private and public institutions in Norway…

17 hours ago

Google Tells Staff They Can Relocate After Roe v Wade Ending

After US Supreme Court last week removed women's reproduction rights, Google tells staff they can…

18 hours ago

Taiwan Developing Own Digital Currency – Report

Central bank of Taiwan confirms it is still working on its digital currency, but has…

20 hours ago

Tesla Cuts 200 Autopilot Jobs, Closes San Mateo Office – Report

More restructuring at Tesla with hundreds of bob losses and California office closure, where staff…

21 hours ago

US FCC Commissioner Urges Apple, Google To Remove TikTok

Fresh worry for TikTok, after FCC Commissioner writes to Apple and Google about removing the…

22 hours ago

Airbnb Permanently Bans Parties, With Few Exceptions

Victory for irate neighbours? Airbnb confirms its temporary Covid ban on parties in its listings…

22 hours ago