Hackers are hijacking routers to push malware-laden Covid-19 apps
Be sure your router settings are hidden behind a strong password.
Well, this is crummy (albeit not surprising)—hackers have begun targeting home and small office routers with presumably weak passwords to change the DNS settings and redirect users to malicious websites masquerading as legitimate resources for Covid-19.
"Covid-19 is a recurring theme that cybercriminals have been abusing to trap victims. Malicious reports involving coronavirus-themed malware have increased five-fold in March from February, with attackers using phishing scams that exploit coronavirus misinformation and fear regarding medical supply shortage," BitDefender states in a blog post.
According to BitDefender, attackers are mostly focusing their efforts on Linksys-brand routers, though Bleeping Computer notes that D-Link models have been the target of related hacking attacks as well. In either case, hackers appear to be "brute forcing" their way into routers—i.e., attempting to guess passwords and passphrases, both locally and in the cloud.
Once inside, hackers change the DNS IP settings. This lets them redirect web queries to specific websites, which in this case are ones purporting to be informational sites related to the coronavirus pandemic.
"What’s interesting is that, by changing the DNS settings on the router, users would actually believe they’ve landed on a legitimate webpage, except that it’s served from a different IP address. For example, when users type 'example.com', instead of the webpage being served from a legitimate IP address, it would be served from an attacker-controlled IP that’s resolved by the malicious DNS settings," BitDefender explains.
"If the attacker-controlled webpage is a spot-on facsimile, users would actually believe they’ve landed on a legitimate webpage, judging from the domain name in the browser’s address bar," BitDefender adds.
The spoofed websites encourage users to download an informational Covid-19 app in order to "have the latest information and instructions about coronavirus." It claims to be from the World Health Organization, but is definitely not.
Some of the targeted domains include washington.edu, aws.amazon.com, cox.net, disney.com, and redditblog.com, to name a few.
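One way to check for the redirect described above, as an added example that is not from the article or from BitDefender: compare the addresses your router-supplied DNS returns with answers obtained independently of the router, and flag unrelated domains that suddenly resolve to one shared address. The function names and sample addresses are constructed for illustration; `trusted_lookup` is assumed to return answers fetched over a path the router cannot rewrite, such as DNS over HTTPS, and `system_lookup` is what you would pass as `local_lookup` on a live machine.

```python
import socket
from collections import defaultdict

def system_lookup(name):
    """IPv4 addresses from the OS resolver, i.e. whatever DNS the router hands out."""
    try:
        infos = socket.getaddrinfo(name, 80, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror:
        return set()
    return {info[4][0] for info in infos}

def find_redirects(domains, local_lookup, trusted_lookup):
    """Return {domain: [reasons]} for names whose local answers look hijacked."""
    local = {d: set(local_lookup(d)) for d in domains}
    shared = defaultdict(set)  # IP -> watched domains that resolve to it locally
    for d, ips in local.items():
        for ip in ips:
            shared[ip].add(d)
    findings = {}
    for d in domains:
        reasons = []
        trusted = set(trusted_lookup(d))
        # No overlap with the trusted answer. CDNs can also cause this, so treat
        # it as a prompt to inspect the router's DNS settings, not as proof.
        if local[d] and trusted and local[d].isdisjoint(trusted):
            reasons.append("no overlap with trusted resolver")
        # Unrelated sites answered with one address matches the redirect pattern.
        if any(len(shared[ip]) > 1 for ip in local[d]):
            reasons.append("shares an address with another watched domain")
        if reasons:
            findings[d] = reasons
    return findings

# Constructed sample answers using documentation address ranges, not real records.
SAMPLE_TRUSTED = {"washington.edu": {"192.0.2.10"}, "disney.com": {"192.0.2.20"},
                  "cox.net": {"192.0.2.30", "192.0.2.31"}}
SAMPLE_LOCAL = {"washington.edu": {"203.0.113.66"}, "disney.com": {"203.0.113.66"},
                "cox.net": {"192.0.2.31"}}

def demo():
    return find_redirects(list(SAMPLE_TRUSTED), SAMPLE_LOCAL.get, SAMPLE_TRUSTED.get)

if __name__ == "__main__":
    print(demo())
```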
"It’s recommended that, besides changing the router’s control panel access credentials (which are hopefully not the default ones), users should change their Linksys cloud account credentials, or any remote management account for their routers, to avoid any takeovers via brute forcing or credential-stuffing attacks," BitDefender says.
In addition, it's a good idea to make sure you are running the latest firmware version for your router.
Paul has been playing PC games and raking his knuckles on computer hardware since the Commodore 64. He does not have any tattoos, but thinks it would be cool to get one that reads LOAD"*",8,1. In his off time, he rides motorcycles and wrestles alligators (only one of those is true).


