Threat Watch

DNS Hijacking Campaign Targets Brazilian Customers

A DNS hijacking campaign has surfaced that targets the credentials of Banco do Brasil and Itau Unibanco customers via end-user IoT devices. According to researchers, “this is the first time modems and routers have been remotely exploited for performing DNS hijacking and as a result of the compromise any device with internet access in the home of an affected user is prone to be redirected to the fake websites.” The attack redirects users who are looking for popular financial sites, specifically ones used for paying bills or checking bank statements, to a phishing site. The DNS server that controls the attacks gives the attacker the flexibility to bring up forged web fronts and portals in order to gather sensitive information from the routers of infected victims. The servers have also been seen trying to reconfigure vulnerable IoT devices in Brazil, using an unauthenticated remote configuration URL to alter the DNS server settings of modems and routers. Researchers claim that this will result “in all name resolution within the home of the affected consumers to be routed through malicious DNS servers.” The two banks have been informed about the campaign and are working to take down the servers.