Security News > 2020 > May > Tools Used in GhostDNS Router Hijack Campaigns Dissected
2020-05-21 16:24
GhostDNS is used to compromise a wide range of routers to facilitate phishing - perhaps more accurately, pharming - for banking credentials.
Malvertising allows the EK to directly attack the router from a computer that uses the router.
Most GhostDNS campaigns target routers in Latin America, and Brazil in particular.
Interestingly, both sets of credentials include the password 'deadcorp2017', which is used by GhostDNS as a new password in infected routers - which means that new campaigns can gain access to routers already infected even if the original password is not included in the current campaign.
Only eight username/password pairs are found in this attack, but they include the most-used default router logins used in Brazil.