Skip to content

Malware attacks WiFi stations from Android devices

Not only attacking the Android operating system and device owners, malware is also now attacking a WiFi stations to control the internet connection.

New malware could attack Wifi router from Android. - Photo: The Hacker News.

Kaspersky Labs security researchers have discovered a new Android malware, but instead of directly attacking the device, it targets the WiFi router that device connects to.

On the wide attacking range, after dominating and controlling web access, malware can change DNS settings (server computer resolves domain name) to redirect access of devices connected to malicious websites at the will of the cyber criminals.

The Switcher malware is currently spreaded as a support application for China's Baidu seeking device or a Chinese application that allows users to share information on both public and private WiFi hotspots.

According to Kaspersky, it is possible that malware Switcher spreads is occurred by Chinese hackers. Because penetrating the remote server domain of the malware, researchers found that 1300 routers have been controlled, mostly of China.

Just by hacking a WiFi router, malware will automatically change the DNS address by its’ IP address.

Thereby redirecting the access of all users connected to that router to the malware address set up in advance.

Therefore, this malware is considered to be very dangerous because of its wide range attacks, not only the individual devices , but also the whole Internet networks.

Extremely dangerous

The malware is more dangerous because its method is not from server domain of wifi router, but from the Android individual device connected to that router. With this kind of attack, a malware Android device turns its wifi routers into the malware victims.

Then the other users connected to the hacked router victimized by Switcher malware. Thus, the victims increase exponentially.

For security reasons, Kaspersky security specialists recommend that users should not download applications not owned by the official Google online application store (CH Play). The other sources’ applications can be infected or set up by malware. Android users should deactivate applications’ install from unknown sources in the security settings of the operating system.

In addition, users with wiFi routers are also advised to immediately change their default password to minimize the risk of malware detecting login and administrator password.