We are starting off the month of October with over 100,00 routers in Brazil under attack by a new botnet. This one dubbed [GhostDNS] as it is designed to attack vulnerable routers with specially made modules that contain a plethora of malicious scripts. Once these routers are breached, it goes about changing the router DNS settings and replacing it with servers that they owned.
Now this particular malware is similar to the [DNSChanger] https://thehackernews.com/2016/12/dnscha...lware.html campaign that breached routers with the same goal in mind; alter DNS settings. This botnet has mainly targeted Brazil's banking sector. This is a large scale campaign, and one that may have already hijacked an untold amount of user data.
In case you aren't planning on becoming a victim of GhostDNS, there were recommendations to ensure that your router is running the latest firmware, and setting a strong password for your router web portal, as well you could also change your default IP address, or disable your remote administration.
<<Let me know what you think, comment if you want>>
---- Sh7nk-Z0id
01001001 00100000 01000001 01001101 00100000 01011010 01001111 01000100 01001001 01000001 01000011