News

Criminals change DNS servers on routers to steal money

By admin
Spread the love

The Polish Computer Emergency Response Team reports criminals modifying the DNS servers in vulnerable routers. This makes them capable of man-in-the-middle attacks, a tactic that the criminals use to steal money from internet banking.

The case came to a head in late 2013 when the Polish CERT received reports of iPhone users dealing with counterfeit banking sites. Further investigation revealed that there was no malware on iOS, but that the victims’ routers had been tampered with. By changing the DNS server to an address of a server owned by the cyber criminals, they were able to lure Polish Internet users to fake websites.

The criminals presumably used vulnerabilities in routers to modify the DNS servers, although the Polish CERT does not rule out the possibility that weakly secured login details or default passwords were also used. The security organization also does not report which brands or types of routers have been hacked.

Although the criminals managed to get money with additional malware, the man-in-the-middle attack was not completely invisible. During the process, for example, traffic was partly sent via http and not via https, which can cause the browser to sound an alarm. By fiddling with domain names and including ‘ssl’ in the address, for example, the criminals tried to cover this up for less experienced internet users.

You might also like
News

Rumor: Apple is working on its own applications based on a large language model

News

Russian ministry bans iPhones due to suspicion of espionage

News

Rumor: First Macs with M3 sockets coming in October

News

Valve releases major Team Fortress 2 update with community maps and new taunts

News

European Commission agrees to VMware acquisition by Broadcom

News

Evernote moves to Europe and lays off American and Chilean employees