Kaspersky Lab researchers found a new Android Trojan called Switcher that uses victims' devices to infect the Wi-Fi...
routers they are connected to in order to further attack other devices on that network. How does this attack work on routers? Is there anything that can be done to protect them?
The Switcher Android Trojan attacks network settings rather than just targeting an endpoint -- a method that enables it to infect all of the systems using the network.
Kaspersky Lab has documented how the Switcher Android Trojan uses a malicious mobile application to attack wireless routers that have insecure default configurations. A user is tricked into installing the malicious Switcher mobile app, which then tries to brute force guess the administrator password of the wireless access point to which the device is connected. If the Switcher Android Trojan manages to guess the admin password, it changes the domain name system (DNS) server settings used by the embedded Dynamic Host Configuration Protocol (DHCP) server in the wireless access point.
DHCP servers are typically used on wireless access points to make it easier to configure the network settings for mobile devices. Once the DNS server settings are changed, additional devices that connect to the wireless network and that use DHCP to get the IP configuration settings will be rerouted to the malicious DNS server. The malicious DNS server can be used for man-in-the-middle attacks, to serve up ads and more.
There are several different aspects to this Switcher Android Trojan attack against which networks need to be secured. The wireless access point can be secured with the same steps used to prevent Chameleon malware. Endpoints can have their DNS settings manually set, but that would minimize the benefit of using DHCP.
Enterprises can detect the malware on their networks by monitoring for connections to the rogue DNS servers listed by Kaspersky. Enterprises should also monitor their networks for rogue DHCP servers. And, as always, users should be cautious about which mobile apps they download, even if they are from a legitimate app store.
Read about the Triada Android Trojan's ability to replace a device's system functions
Find out how Exaspy spyware is able to hide on Android devices
Learn how an Android backdoor was created in devices using Ragentek firmware
Dig Deeper on Malware, virus, Trojan and spyware protection and removal
Related Q&A from Nick Lewis
Researchers developed aIR-Jumper, an exploit that leverages lights within security cameras to extract data. Learn how this attack works and how to ... Continue Reading
The com.google.provision virus reportedly targets Android users, but little is known about it. Nick Lewis discusses the mystery threat and how Common... Continue Reading
A bug in Microsoft's Internet Explorer update exposes information that users enter into the browser's address bar. Learn more about the bug and URL ... Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.