Kaspersky Lab researchers found a new Android Trojan called Switcher that uses victims' devices to infect the Wi-Fi routers they are connected to in order to further attack other devices on that network. How does this attack work on routers? Is there anything that can be done to protect them?
The Switcher Android Trojan attacks network settings rather than just targeting an endpoint -- a method that enables it to infect all of the systems using the network.
Kaspersky Lab has documented how the Switcher Android Trojan uses a malicious mobile application to attack wireless routers that have insecure default configurations. A user is tricked into installing the malicious Switcher mobile app, which then tries to guess, by brute force, the administrator password of the wireless access point to which the device is connected. If the Switcher Android Trojan manages to guess the admin password, it changes the domain name system (DNS) server settings used by the embedded Dynamic Host Configuration Protocol (DHCP) server in the wireless access point.
DHCP servers are typically used on wireless access points to make it easier to configure the network settings for mobile devices. Once the DNS server settings are changed, additional devices that connect to the wireless network and that use DHCP to get the IP configuration settings will be rerouted to the malicious DNS server. The malicious DNS server can be used for man-in-the-middle attacks, to serve up ads and more.
Networks need to be secured against several different aspects of the Switcher Android Trojan attack. The wireless access point can be secured with the same steps used to prevent Chameleon malware. Endpoints can have their DNS settings manually set, but that would minimize the benefit of using DHCP.
Enterprises can detect the malware on their networks by monitoring for connections to the rogue DNS servers listed by Kaspersky. Enterprises should also monitor their networks for rogue DHCP servers. And, as always, users should be cautious about which mobile apps they download, even if they are from a legitimate app store.
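One way to implement the DHCP and DNS monitoring described above is to audit the leases seen on the network against an inventory of authorized servers. The following is an added example, not code from Kaspersky Lab or the original article; the log format, the allowlists and the blocklist range (a documentation prefix standing in for the published rogue DNS addresses) are all assumptions.

```python
import ipaddress
import re

# Assumptions for this example (not from the article): the site's authorized
# DHCP servers and approved resolvers. Replace with your own inventory.
AUTHORIZED_DHCP = {"192.168.1.1"}
APPROVED_DNS = {"192.168.1.1", "10.0.0.53"}
# Placeholder for a rogue-resolver blocklist such as the one Kaspersky
# published; 203.0.113.0/24 is a documentation range, not a real indicator.
ROGUE_DNS_NETS = [ipaddress.ip_network("203.0.113.0/24")]

# Constructed log format: "<timestamp> DHCPACK server=<ip> client=<ip> dns=<ip>[,<ip>...]"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) DHCPACK server=(?P<server>\S+) client=(?P<client>\S+) dns=(?P<dns>\S+)$"
)

def audit_dhcp_acks(lines):
    """Return a list of (timestamp, finding, detail) tuples for suspicious leases."""
    findings = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that are not DHCPACK records
        ts, server = m["ts"], m["server"]
        if server not in AUTHORIZED_DHCP:
            findings.append((ts, "rogue-dhcp-server", server))
        for dns in m["dns"].split(","):
            try:
                addr = ipaddress.ip_address(dns)
            except ValueError:
                findings.append((ts, "malformed-dns-option", dns))
                continue
            if any(addr in net for net in ROGUE_DNS_NETS):
                findings.append((ts, "known-rogue-dns", dns))
            elif dns not in APPROVED_DNS:
                findings.append((ts, "unapproved-dns", dns))
    return findings

# Constructed sample records, not real captures.
SAMPLE = [
    "2017-01-10T09:14:02Z DHCPACK server=192.168.1.1 client=192.168.1.23 dns=192.168.1.1",
    "2017-01-10T09:20:41Z DHCPACK server=192.168.1.1 client=192.168.1.24 dns=203.0.113.53,8.8.8.8",
    "2017-01-10T09:31:07Z DHCPACK server=192.168.1.77 client=192.168.1.25 dns=10.0.0.53",
]

if __name__ == "__main__":
    for finding in audit_dhcp_acks(SAMPLE):
        print(finding)
```

The second sample record is the Switcher case: the legitimate router is still the DHCP server, but the DNS servers it hands out have changed, so checking only for unknown DHCP servers would miss it.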