Linksys and D-Link routers targeted by coronavirus-themed malware


A group of hackers is targeting D-Link and Linksys routers and changing their DNS settings to point unsuspecting users to coronavirus-related sites that push malware. The hackers use brute-force attacks to guess the admin password of targeted routers. Once they guess a password and get in, they change the router's default DNS server settings, pointing the device to their own servers. Every DNS query made by users connected to a hijacked router then goes through the hackers' DNS servers, giving the hackers full control over what sites a user accesses.

When users try to access any of a list of particular domains, the hackers redirect them to a custom site urging them to install a coronavirus information app. The app installs a version of the Oski trojan. Oski is a recent infostealer trojan sold on Russian-speaking dark web forums. The trojan's main function is to steal account credentials from browsers and cryptowallet files in order to hijack cryptocurrency accounts.


The malicious DNS servers used by the hackers are 109.234.35.230 and 94.103.82.249. If you are using a D-Link or Linksys router, you should connect to the router's admin panel and check whether these two IP addresses appear in the DNS settings section. If they do, remove the DNS server IP addresses and change the router's admin panel password.
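The same check can be run from a computer behind the router. The script below is an added example, not part of the original article: it looks for the two addresses above in a resolv.conf file or in saved `ipconfig /all` output. The function names and the sample text are constructed for illustration, and only IPv4 resolvers are parsed.

```python
import ipaddress
import re
import sys

# The two rogue DNS servers named in the article.
ROGUE_DNS = {ipaddress.ip_address(a) for a in ("109.234.35.230", "94.103.82.249")}
_IPV4 = re.compile(r"(?<![\d.])\d{1,3}(?:\.\d{1,3}){3}(?![\d.])")

# Constructed sample input (not captured from a real host).
SAMPLE_IPCONFIG = """\
   IPv4 Address. . . . . . . . . . . : 192.168.0.10
   DNS Servers . . . . . . . . . . . : 109.234.35.230
                                       8.8.8.8
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""


def resolvers_in(text):
    """IPv4 DNS servers in resolv.conf text or `ipconfig /all` output."""
    found, in_dns_block = [], False
    for line in text.splitlines():
        s = line.strip().lower()
        if s.startswith(("#", ";")):
            continue  # commented-out resolv.conf entry
        if s.startswith("nameserver"):
            in_dns_block = False
        elif s.startswith("dns servers"):
            in_dns_block = True
        elif not in_dns_block or ":" in s:
            in_dns_block = False  # any other "key: value" line ends the list
            continue
        for candidate in _IPV4.findall(s):
            try:
                found.append(ipaddress.ip_address(candidate))
            except ValueError:
                pass  # not a valid address, e.g. 999.1.1.1
    return found


def rogue_resolvers(text):
    """Configured resolvers that match the article's two addresses."""
    return [str(ip) for ip in resolvers_in(text) if ip in ROGUE_DNS]


if __name__ == "__main__":
    # Argument: a file such as /etc/resolv.conf or saved `ipconfig /all` output.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_IPCONFIG
    hits = rogue_resolvers(text)
    print("ROGUE DNS CONFIGURED: " + ", ".join(hits) if hits else "no match")
```

A computer often lists the router's own LAN address as its resolver because the router forwards queries, so "no match" here does not clear the router; the DNS section of the admin panel still has to be checked.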

This campaign began on March 18 and is still ongoing. D-Link and Linksys owners should be cautious of any requests to download and install coronavirus-related apps. Even if your router isn't affected, it is highly recommended to change the password and disable remote administration.