Hackers Waste No Time Exploiting Coronavirus Fears
Posted: March 27, 2020 to News.
Hackers have wasted no time in exploiting the chaos being wreaked on the world by the Coronavirus by hijacking routers and changing DNS settings to redirect their targets to fake Coronavirus apps and infecting their devices with Oski malware that steals their information. So far, over 1,000 victims have been reported. Though the scam started on March 18, it has seen a major increase in the past week, as the pandemic has worsened. And the attacks are expected to only grow in numbers, especially here in the US, the newest Coronavirus epicenter. In fact, according to Bitdefender's Liviu Arsene:“We estimate that the number of victims is likely to grow in the coming weeks, especially if attackers have set up other repositories, whether hosted on Bitbucket or other code repository hosting services, as the Coronavirus pandemic remains a ‘hot topic...'"
How does it work?
Hackers target routers with brute forcing remote management credentials, especially people using Linksys routers. They then hijack the router and change the DNS IP addresses and when the victim types in web address, DNS services send them to the "fake" IP address they created to serve that domain name. Now that the cyber criminals have control over DNS settings, tey are able to change the DNS IP addresses, and thus redirect their unknowing victims to [.]attacker-controlled sites. Some of the domains targeted by the hacker for redirection include:- aws.amazon[.]com
- bit[.]ly
- cox[.]net
- disney[.]com
- fiddler2[.]com
- goo[.]gl
- imageshack[.]us
- pubads.g.doubleclick[.]net
- tidd[.]ly
- redditblog[.]com
- ufl[.]edu
- washington[.]edu
- winimage[.]com
- xhamster[.]com