Warning: more than 100,000 routers are infected, bank login data is stolen - DELFI Science

2022-07-01 18:57:13 By : Ms. Anna Wei

Dubbed GhostDNS, the campaign shares many similarities with the DNSChanger malware, which works by changing DNS server settings on an infected device, allowing attackers to redirect users' Internet traffic through malicious servers and steal sensitive data.

According to a new report from cybersecurity firm Qihoo 360 NetLab, as with the DNSChanger campaign, GhostDNS scans for the IP addresses of routers that are left with factory settings or no password at all, accesses the routers' settings, and changes the router's default DNS address to one that is controlled by the attackers.

The GhostDNS system mainly includes four modules:

1) DNSChanger module: This is the main module of GhostDNS, which attacks targeted routers based on the collected information. The DNSChanger module consists of three submodules, which researchers named Shell DNSChanger, Js DNSChanger, and PyPhp DNSChanger.

a.) Shell DNSChanger - Written in the Shell programming language, this submodule combines 25 scripts that can change passwords on routers or software packages from 21 different manufacturers.

b.) Js DNSChanger - Written mainly in JavaScript, this submodule includes 10 attack scripts to infect 6 routers or software packages. "Its functional structure is mainly divided into scanning, packet generator and attack applications. The Js DNSChanger program is usually already installed on phishing sites, so it works in conjunction with the Phishing Web System," researchers say.

c.) PyPhp DNSChanger - Written in both Python and PHP, this submodule has 69 attack scenarios against 47 different routers and has been found in use on over 100 servers, most of which are in the Google Cloud. It includes features such as "Web API", "Scanner" and "Attack" modules. This is the core module of DNSChanger, which allows attackers to scan the Internet and find vulnerable routers.

2) Web Admin module: Although researchers don't have much information about this module yet, it appears to be an admin panel protected by a login page.

3) Rogue DNS module: This module is responsible for resolving targeted domain names to attacker-controlled web servers. The targeted domains are mainly related to banking and cloud hosting services, along with a domain belonging to the security company Avira. "We don't have access to the Rogue DNS server, so we can't say exactly how many DNS names were hijacked, but by querying Alexa Top1M and DNSMon Top1M domains against the malicious DNS server (139.60.162.188), we were able to find a total of 52 domains that have been hijacked," say NetLab researchers.

4) Web spoofing module: When a target domain is successfully replaced by the rogue DNS module, the web spoofing module attempts to present a valid-looking version of that specific website.

According to the researchers, from September 21 to 27 GhostDNS infected more than 100,000 routers, with 87.8 percent of devices (87,800) located in Brazil alone, which means Brazil is the main target of GhostDNS attackers.

Because the GhostDNS campaign is highly advanced, uses a different attack vector, and adopts an automated attack process, it poses a real threat to users. Therefore, users are advised to protect themselves.

How to protect your home router from hackers

To avoid becoming a victim of such attacks, it is recommended to ensure that your router is running the latest firmware version and that you set a strong password for the router's browser login.

You may also consider disabling remote administration, changing the default local IP address, and configuring a trusted DNS server address in your router or operating system.

The NetLab researchers also recommended that router vendors increase the complexity of the router's default password and improve the security update mechanism for their products.

Infected routers

AirRouter AirOS, Antenna PQWS2401, C3-TECH Router, Cisco Router, D-LINK DIR-600, D-LINK DIR-610, D-LINK DIR-615, D-LINK DIR-905L, D-LINK ShareCenter, Elsys CPE-2n, Fiberhome, Fiberhome AN5506-02-B, Fiberlink 101, GPON ONU, Greatek, GWR 120, Huawei, Intelbras WRN 150, Intelbras WRN 240, Intelbras WRN 300, LINKONE, MikroTik, Multilaser, OIWTECH, PFTP-WR300, QBR-1041 WU, Roteador PNRT150M, Roteador Wireless N 300 Mbps, Roteador WRN150, Roteador WRN342, Sapido RB-1830, TECHNIC LAN WAR-54GS, Tenda Wireless-N Broadband Router, Thomson, TP-Link Archer C7, TP-Link TL-WR1043ND, TP-Link TL-WR720N, TP-Link TL-WR740N, TP-Link TL-WR749N, TP-Link TL-WR840N, TP-Link TL-WR841N, TP-Link TL-WR845N, TP-Link TL-WR849N, TP-Link TL-WR941ND, Wive-NG routers firmware, ZXHN H208N, Zyxel VMG3312
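The comparison the NetLab researchers describe above, querying the same domains against a suspect DNS server and checking which answers were rewritten, can be sketched offline as follows. This is an added example, not code from NetLab or from the article: the domains and addresses are constructed sample data, and the shared-address heuristic and the `find_hijacked` name are assumptions of this example rather than NetLab's method.

```python
from collections import defaultdict

def find_hijacked(reference, suspect, min_shared=2):
    """Return {domain: ips} for domains the suspect resolver appears to hijack.

    reference / suspect map domain -> set of A-record IPs from each resolver.
    A domain is flagged when the suspect's answer shares no IP with the
    reference answer AND at least one of its IPs is returned for
    `min_shared` or more mismatching domains in total. CDN and geo-DNS cause
    benign mismatches, but unrelated sites rarely collapse onto one address.
    """
    mismatched = {
        d: ips for d, ips in suspect.items()
        if d in reference and ips and not (ips & reference[d])
    }
    # Count how many mismatching domains each suspect IP serves.
    served = defaultdict(set)
    for d, ips in mismatched.items():
        for ip in ips:
            served[ip].add(d)
    return {
        d: ips for d, ips in mismatched.items()
        if any(len(served[ip]) >= min_shared for ip in ips)
    }

# Constructed sample answers (documentation IP ranges, example domains).
REFERENCE = {
    "bank-a.example": {"192.0.2.10"},
    "bank-b.example": {"192.0.2.20", "192.0.2.21"},
    "cloud.example": {"192.0.2.30"},
    "cdn-site.example": {"198.51.100.5"},
    "news.example": {"192.0.2.40"},
}
SUSPECT = {
    "bank-a.example": {"203.0.113.66"},                  # rewritten
    "bank-b.example": {"203.0.113.66"},                  # rewritten, same host
    "cloud.example": {"203.0.113.67", "203.0.113.66"},   # rewritten
    "cdn-site.example": {"198.51.100.99"},               # benign CDN variation
    "news.example": {"192.0.2.40"},                      # untouched
}

if __name__ == "__main__":
    for domain, ips in sorted(find_hijacked(REFERENCE, SUSPECT).items()):
        print(f"{domain}: suspect resolver answered {sorted(ips)}")
```

In practice the two dictionaries would be filled from the resolver configured on the router and from a resolver you trust, and any flagged domain is a reason to inspect the router's DNS settings.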