Jump to content
MrGrj

A JavaScript Based Malware Found Attacking Users Routers DNS Settings

By MrGrj, in Stiri securitate

Recommended Posts

  • Active Members
MrGrj Explorer

MrGrj

Posted
  • Active Members
Posted

Security researchers from Trend micro recently discovered a new JavaScript-based malware that infects your mobile devices and also attacks your home router by altering its DNS (Domain Name System) settings.

 

This new threat was named as JS_JITON and was first noticed in end of December 2015, continuing to infect devices up until this day, hitting its peak in February 2016, with over 1,500 infections per day.

 

Researchers say that the malware spreads it’s infection chain in a very simple way. Attackers place their code in some websites and wait for users to visit

 

The malware’s infection chain is simple. According to Trend Micro researchers, attackers place malicious code on compromised websites and wait for users to visit these pages using mobile devices. Once this happens, the malware is downloaded to the user’s mobile device and executes, trying to connect to the local home network’s router IP using a series of admin and passwords combos hardcoded in the JS_JITON malware source code.

 

The malware has over 1,400 credentials are included, and once the malware authenticates on the device, it will change the router’s DNS settings.

 

Very little is known about what the intentions of this malware are, but taking into account that at one point it also included malicious code that executed from desktop computers, Trend Micro researchers believe this is a “work in progress,” with its creators still exploring their attack’s capabilities.

 

The belief was made strong by the fact that attackers regularly update JS_JITON’s source code, changing small details here and there, fine tuning their attacks. Additionally, at one point, the JS_JITON source code also included a keylogging component.

 

According to researchers JS_JITON could attack D-Link and TP-Link routers, but it also included a special exploit to take advantage of CVE-2014-2321, an older vulnerability in ZTE modems.

 

Malwares like this could be a serious threat if not killed in the initial stage.

 

Source

  • Upvote 1

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go to topic listing
×
×
  • Create New...