Kaspersky Lab researchers found a new Android Trojan called Switcher that uses victims' devices to infect the Wi-Fi...
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
routers they are connected to in order to further attack other devices on that network. How does this attack work on routers? Is there anything that can be done to protect them?
The Switcher Android Trojan attacks network settings rather than just targeting an endpoint -- a method that enables it to infect all of the systems using the network.
Kaspersky Lab has documented how the Switcher Android Trojan uses a malicious mobile application to attack wireless routers that have insecure default configurations. A user is tricked into installing the malicious Switcher mobile app, which then tries to brute force guess the administrator password of the wireless access point to which the device is connected. If the Switcher Android Trojan manages to guess the admin password, it changes the domain name system (DNS) server settings used by the embedded Dynamic Host Configuration Protocol (DHCP) server in the wireless access point.
DHCP servers are typically used on wireless access points to make it easier to configure the network settings for mobile devices. Once the DNS server settings are changed, additional devices that connect to the wireless network and that use DHCP to get the IP configuration settings will be rerouted to the malicious DNS server. The malicious DNS server can be used for man-in-the-middle attacks, to serve up ads and more.
There are several different aspects to this Switcher Android Trojan attack against which networks need to be secured. The wireless access point can be secured with the same steps used to prevent Chameleon malware. Endpoints can have their DNS settings manually set, but that would minimize the benefit of using DHCP.
Enterprises can detect the malware on their networks by monitoring for connections to the rogue DNS servers listed by Kaspersky. Enterprises should also monitor their networks for rogue DHCP servers. And, as always, users should be cautious about which mobile apps they download, even if they are from a legitimate app store.
Read about the Triada Android Trojan's ability to replace a device's system functions
Find out how Exaspy spyware is able to hide on Android devices
Learn how an Android backdoor was created in devices using Ragentek firmware
Dig Deeper on Malware, virus, Trojan and spyware protection and removal
Related Q&A from Nick Lewis
Cross-platform malware enables attackers to leverage their attacks using infected Microsoft Word docs. Expert Nick Lewis explains how the attacks ...continue reading
How was the ATMitch malware able to loot cash machines, then delete itself? Expert Nick Lewis explains how the fileless malware works and how it ...continue reading
DoubleAgent malware is a proof of concept for a zero-day vulnerability that can turn antivirus tools into attack vectors. Expert Nick Lewis explains ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.