In a report published by Ara Labs it has been revealed that a new strain of malware is using routers to inject ads and pornography into websites, and once a router is compromised, the malware will load third-party content onto almost any website visited by the user. Also Read - Downloaded WhatsApp Pink virus by mistake? Here's what you can do to fix your phone
The attack alternates between loading ads and directly loading content from pornographic websites. In both cases, it’s functioning as a basic adware attack, redirecting targets as a pay of generating paid traffic for a client. Also Read - Mobile cyberattacks on Indian firms up by 854% in 2021: Report
According to the Verge, the attack works by targeting the DNS system. Since DNS information is typically communicated through the router, the attackers used the hacked routers to reroute requests to their own bogus IP addresses. When the target tried to connect to Google Analytics, the hacked router sent the request to the attackers’ server, which answered the request by injecting its own content onto the pages in question. Google Analytics is so widely used that the attack was able to inject ads into almost any site on the web. Also Read - Android app offering free Netflix may steal your WhatsApp data
Routers are less powerful and harder to patch than computers, so they are much more vulnerable. This had made them a common target for hackers, who use them to launch denial of service attacks or spoof banking sites to steal login credentials. The compromise is specific to the router and it won’t be detected by traditional antivirus tools, which may lead many victims to assume the ads are legitimate.