![]() ![]() Once the hacker successfully logs into the router, the exploit kit attempts to alter the router’s DNS settings using various CSRF requests, sending the victim to phishing pages designed to look like the actual website the victim wants to visit. Then the exploit kit attempts to find the router IP on the network, and brute force its way into the router. ![]() ![]() ![]() When visiting a compromised site, the victim is unknowingly redirected to a router exploit kit landing page, which is usually opened in a new window or tab, initiating the attack on the router automatically, without user interaction. Taking a closer look, two landing pages, targeting Brazilians, hosting the GhostDNS router exploit kit used to carry out cross-site request forgery (CSRF) attacks, caught our attention.Īs we described in a past blog post, RouterCSRF campaigns are often distributed via malvertising campaigns through ad rotators, and appear in waves. Router exploit kits are very popular in Brazil, and late November we noticed a spike in the number of URLs blocked by Avast’s Web Shield. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |