Security software company Kaspersky has warned of a new form of Android Trojan that uses compromised devices to conduct surreptitious brute-force attacks against WiFi routers.
Dubbed the Switcher Trojan, it is distributed via fake versions of popular apps and, rather than exploiting compromised devices directly, seeks to take control of WiFi routers in order to re-direct traffic.
Once infected via the fake apps, Switcher tries to brute-force access to the WiFi network’s router and then changes its DNS settings to redirect traffic from devices connected to the network to a rogue DNS server.
This server fools the devices into communicating with websites controlled by the attackers, leaving users vulnerable to phishing, malware, adware and other attacks. A successful attack can be hard to detect, warns Kaspersky , and even harder to eradicate.
The Trojan has not yet become widespread, with figures dredged from the malware creators‘ own command-and-control server indicating that around 1,280 wireless networks have been compromised so far, mostly in China.