- Joined
- May 15, 2016
- Messages
- 14,125
- Likes
- 2,643
- Points
- 1,730
Users are notified in browsers about the need to install the COVID-19 Inform application.
Cybercriminals are hacking routers to distribute a fake application from the World Health Organization, allegedly providing up-to-date information about COVID-19. Attackers change the DNS settings of the router so that a notification is displayed in the user's browser offering to download the application from WHO, which is actually a Vidar infostiller.
Over the past five days, messages have appeared on the Internet from users that their browsers suddenly suddenly opened themselves and displayed notifications about the need to download COVID-19 Inform App, supposedly from WHO.
The study showed that notifications appeared as a result of a cyber attack. Attackers changed legitimate DNS servers to their own in the settings of the D-Link and Linksys routers. Since most computers use IP addresses and DNS information provided by the router, DNS servers controlled by cybercriminals redirected users to malicious content.
How attackers gain control of routers is still unknown. However, according to some users, they had remote access to the router with a weak password enabled.
Users whose browsers suddenly open with a notification about the need to download the application from WHO need to log in to their router and check in the settings whether it automatically receives information from the DNS server of the Internet provider. It is recommended that users who install a fake application scan the system for malware using a reliable anti-virus solution.
Cybercriminals are hacking routers to distribute a fake application from the World Health Organization, allegedly providing up-to-date information about COVID-19. Attackers change the DNS settings of the router so that a notification is displayed in the user's browser offering to download the application from WHO, which is actually a Vidar infostiller.
Over the past five days, messages have appeared on the Internet from users that their browsers suddenly suddenly opened themselves and displayed notifications about the need to download COVID-19 Inform App, supposedly from WHO.
The study showed that notifications appeared as a result of a cyber attack. Attackers changed legitimate DNS servers to their own in the settings of the D-Link and Linksys routers. Since most computers use IP addresses and DNS information provided by the router, DNS servers controlled by cybercriminals redirected users to malicious content.
How attackers gain control of routers is still unknown. However, according to some users, they had remote access to the router with a weak password enabled.
Users whose browsers suddenly open with a notification about the need to download the application from WHO need to log in to their router and check in the settings whether it automatically receives information from the DNS server of the Internet provider. It is recommended that users who install a fake application scan the system for malware using a reliable anti-virus solution.