Hackers have wasted no time in exploiting the chaos being wreaked on the world by the Coronavirus by hijacking routers and changing DNS settings to redirect their targets to fake Coronavirus apps and infecting their devices with Oski malware that steals their information.  So far, over 1,000 victims have been reported.

Though the scam started on March 18, it has seen a major increase in the past week, as the pandemic has worsened.  And the attacks are expected to only grow in numbers, especially here in the US, the newest Coronavirus epicenter.  In fact, according to Bitdefender’s Liviu Arsene:

“We estimate that the number of victims is likely to grow in the coming weeks, especially if attackers have set up other repositories, whether hosted on Bitbucket or other code repository hosting services, as the Coronavirus pandemic remains a ‘hot topic…'”

How does it work?

Hackers target routers with brute forcing remote management credentials, especially people using Linksys routers. They then hijack the router and change the DNS IP addresses and when the victim types in web address, DNS services send them to the “fake” IP address they created to serve that domain name.  Now that the cyber criminals have control over DNS settings, tey are able to change the DNS IP addresses, and thus redirect their unknowing victims to [.]attacker-controlled sites.

Some of the domains targeted by the hacker for redirection include:

  • aws.amazon[.]com
  • bit[.]ly
  • cox[.]net
  • disney[.]com
  • fiddler2[.]com
  • goo[.]gl
  • imageshack[.]us
  • pubads.g.doubleclick[.]net
  • tidd[.]ly
  • redditblog[.]com
  • ufl[.]edu
  • washington[.]edu
  • winimage[.]com
  • xhamster[.]com

The attackers are able to redirect the unwitting users  attempting to access one of the above (valid) websites to a list of their Coronavirus-themed (malicious) websites.   When the victim clicks on any of the domains, the site displays a fake WHO message instructing the target to install and download an app that pretends to offer Coronavirus information but is, in reality, carrying Oski malware.

What can you do?

With social distancing in full effect, the number of people working from home has sky-rocketed, leaving many workers vulnerable to the attack. To protect yourself, we have created a list of actions you can take that work in tandem as layers of cyber protection.  Download the guide here, and feel free to share with your coworkers and any other friends or family you have who are working from home during these difficult times.  You can also call us at 919-422-2607 or click here to schedule a free consultation with Craig about fortifying your home office.

Comments are closed.