GhostDNS: New DNS Changer Botnet Hijacked Over 100,000 Routers

(Last Updated On: October 2, 2018)

“GhostDNS is a new wave of DNS hijacking. Chinese cybersecurity researchers have uncovered a widespread, ongoing malware campaign that has already hijacked over 100,000 home routers and modified their DNS settings to hack users with malicious web pages—especially if they visit banking sites—and steal their login credentials.

Dubbed GhostDNS, the campaign has many similarities with the infamous DNSChanger malware that works by changing DNS server settings on an infected device, allowing attackers to route the users’ internet traffic through malicious servers and steal sensitive data.”

The full article from the Hacker News is here:

NetLab’s 360 Article is 70+ different types of home routers(all together 100,000+) are being hijacked by GhostDNS

There is a wave of new attacks which are targeting the CPEs in people’s home and small businesses. Threat-Actors will target these CPEs for their gain. Some will use to fake people into their own DNS resolver (hijacking the session). Some will break into the CPEs to turn them into crypto miners. Some will use the CPEs for DOS attacks. The core risk to the industry is two-fold:

  1. Operators, Carriers, and ISPs are not working to track which of their customer CPEs are infected and doing anything to “clean up” the problem.
  2. 90% of the owners of the infect CPEs will now know they are infected nor understand how to clean up the infection.