A new form of malware that targets Wi-Fi networks by first infecting Android devices has emerged. According to researchers at Kaspersky Lab, the new Trojan horse, called Switcher Trojan, seems to work in a unique way: it uses people who have their Android devices connected to a public Wi-Fi network only as a means of accessing the network, rather than as the real target.
According to Nikita Buchka, one of the Kaspersky Lab researchers involved in the research, the ultimate goal of Switcher, as it is now commonly called, is to direct people who use a public Wi-Fi network to fake sites so that criminals can access their login details.
‘Currently, there are two versions of Switcher Trojan in circulation; however, both versions work by tricking users of public Wi-Fi networks and leading them to fake sites,’ he stated.
It appears that the manner in which Switcher Trojan works is quite sophisticated. According to Kaspersky Lab, the malware program first seeks to dupe users of Android devices into downloading specific files on their devices.
‘One common form of Switcher Trojan poses as the Android app for Baidu,’ Kaspersky Lab researchers say.
Baidu is a popular Chinese web services company. Another version of the malware program presents itself as one of the popular mobile applications for sharing login information for Wi-Fi networks.
Once the malware program finds its way onto an Android mobile device, its focus shifts to the router of whichever Wi-Fi network the user may be connected to at any given time. Interestingly, Switcher stores many password combinations that it uses against TP-LINK, a popular type of Wi-Fi router. Switcher then uses a form of brute force attack to force its way into the routers of the Wi-Fi networks that individuals use.
Kaspersky Lab says that the ability to hijack traffic is one of the features that define how this new malware program works. Once the program successfully logs into the administrator’s interface of a router, it gives criminals absolute control over the network. The criminals can then take control of the DNS of the network and redirect all the traffic to fake sites, thus being able to steal the personal credentials of unsuspecting users of the network.
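The sequence described above (repeated admin login failures from a client on the network, a successful login, then a DNS change) can be looked for in router logs. The following is an added example, not code from Kaspersky Lab or from the original article; the log format, the approved resolver list, the thresholds and all addresses are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

APPROVED_DNS = {"192.168.1.1", "198.51.100.53"}  # assumption: this network's known-good resolvers
FAIL_THRESHOLD = 5                # failed logins that count as password guessing
WINDOW = timedelta(seconds=60)    # ...when they occur within this window

# Constructed sample in a hypothetical "timestamp event key=value" router log format.
SAMPLE_LOG = """
2017-01-05T10:00:01 admin_login result=fail src=192.168.1.23
2017-01-05T10:00:02 admin_login result=fail src=192.168.1.23
2017-01-05T10:00:03 admin_login result=fail src=192.168.1.23
2017-01-05T10:00:04 admin_login result=fail src=192.168.1.23
2017-01-05T10:00:05 admin_login result=fail src=192.168.1.23
2017-01-05T10:00:06 admin_login result=ok src=192.168.1.23
2017-01-05T10:00:09 dns_change src=192.168.1.23 servers=203.0.113.5,203.0.113.6
2017-01-05T11:30:00 admin_login result=fail src=192.168.1.40
2017-01-05T11:30:20 admin_login result=ok src=192.168.1.40
2017-01-05T11:31:00 dns_change src=192.168.1.40 servers=192.168.1.1
"""

def parse(line):
    ts, event, *pairs = line.split()
    return datetime.fromisoformat(ts), event, dict(p.split("=", 1) for p in pairs)

def detect(log_text):
    """Return one alert per rogue DNS change made by a client that guessed its way in."""
    fails = defaultdict(deque)  # src -> timestamps of failed logins inside WINDOW
    suspects = {}               # src -> time of the login that followed a failure burst
    alerts = []
    for line in log_text.strip().splitlines():
        ts, event, f = parse(line)
        src = f.get("src")
        recent = fails[src]
        while recent and ts - recent[0] > WINDOW:  # drop failures older than WINDOW
            recent.popleft()
        if event == "admin_login" and f.get("result") == "fail":
            recent.append(ts)
        elif event == "admin_login" and f.get("result") == "ok":
            if len(recent) >= FAIL_THRESHOLD:
                suspects[src] = ts
            recent.clear()
        elif event == "dns_change":
            rogue = sorted(set(f["servers"].split(",")) - APPROVED_DNS)
            if rogue and src in suspects:
                alerts.append({"src": src, "login": suspects[src],
                               "changed": ts, "rogue_dns": rogue})
    return alerts
```

Calling `detect(SAMPLE_LOG)` flags only the first client; the second one fails once, logs in, and sets an approved resolver, so it raises no alert.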
According to Buchka, the extent to which Switcher Trojan is a serious threat is seen in the high number of networks (more than 1200) that the program has successfully infected.
Another security firm, Proofpoint, has pointed out that new forms of malware programs that seek to modify the DNS settings of public Wi-Fi networks and redirect users to fake sites are now becoming popular.