Crooks Are Spreading Fake COVID-19 App By Hacking Routers' DNS

  • Hackers are spreading a fake COVID-19 information app to steal money and data from users.
  • Learn how the hackers hijack your system and what information they steal.
  • Here's how to avoid the attack and what to do if you have downloaded the fake app.

While the world is panicking over the coronavirus pandemic, bad actors are attempting to steal money and data from concerned users by spreading a fake coronavirus information app. To do this, they are hijacking routers' DNS settings. As a result, web browsers show alerts for a fake COVID-19 information app that appears to be from the WHO but is actually information-stealing malware. According to BleepingComputer, users have reported that their web browser opens automatically and shows an alert for a COVID-19 information app from the WHO. Researchers discovered that this was the result of a cyberattack that changes the DNS servers configured on home D-Link or Linksys routers to DNS servers operated by the hackers. The hijacked DNS servers then redirected users to fake COVID-19 information pages.

Some users had enabled remote access to the router while using a weak admin password, which might be how the hackers gained access to the routers. After gaining access to the router, the hackers change the configured DNS servers to 109.234.35.230 and 94.103.82.249. When a system connects to a network, Windows uses the Network Connectivity Status Indicator (NCSI) feature to check whether it has access to the internet. In this case, when Windows performs the NCSI active probe, the malicious DNS server redirects you to a website located at 176.113.81.159. Because the hackers now control which IP address your DNS lookups resolve to, they can show you an alert to install a fake app offering the latest COVID-19 information. If you install it, information-stealing malware is installed on your computer. After the user launches the malware, it steals personal information such as browser data, saved passwords, cryptocurrency wallets, and more. The malware then uploads the stolen information to a remote server, where it is collected by the hackers. The hackers might then steal money from your bank account or commit identity theft.



To avoid falling victim to this cyberattack, make sure that your router is configured to automatically receive DNS servers from your ISP. Reboot your devices so that they pick up the right DNS settings provided by your ISP. Disable remote administration and secure your router with a strong administration password.
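
To check a Windows machine for the indicators named above, the following added example (not from the original article or from BleepingComputer) parses the text of `ipconfig /all` and flags the two rogue DNS servers, plus any probe hostname that resolved to the fake-alert address. The sample output is constructed, and the function names and the `probe_answers` argument are assumptions made for this illustration.

```python
import ipaddress
import re

# Indicators quoted in the article above.
ROGUE_DNS = {"109.234.35.230", "94.103.82.249"}
FAKE_ALERT_HOST = "176.113.81.159"
ADAPTER_RE = re.compile(r"^(\S.*adapter .+):\s*$")
FIELD_RE = re.compile(r"^\s+([^.:]+?)[ .]*:\s*(.*)$")
# Constructed sample of `ipconfig /all` output, not captured from a real host.
SAMPLE_IPCONFIG = """\
Ethernet adapter Ethernet:

   Default Gateway . . . . . . . . . : 192.168.0.1
   DNS Servers . . . . . . . . . . . : 109.234.35.230
                                       94.103.82.249
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""

def _as_ip(token):  # normalised IP string, or None if token is not an IP
    try:
        return str(ipaddress.ip_address(token.strip().split("%")[0]))
    except ValueError:
        return None

def dns_servers_by_adapter(text):
    """Parse `ipconfig /all` text into {adapter name: [DNS server IPs]}."""
    result, adapter, in_dns = {}, None, False
    for line in text.splitlines():
        m = ADAPTER_RE.match(line)
        if m:
            adapter, in_dns = m.group(1), False
            result[adapter] = []
        elif adapter is not None:
            ip = _as_ip(line) if in_dns else None  # unlabelled extra server
            if ip is None:
                f = FIELD_RE.match(line)
                in_dns = bool(f) and f.group(1) == "DNS Servers"
                ip = _as_ip(f.group(2)) if in_dns else None
            if ip:
                result[adapter].append(ip)
    return result

def audit(text, probe_answers):
    """probe_answers: {hostname: [IPs it resolved to]}, gathered by the caller."""
    hits = [f"{a}: rogue DNS server {ip}"
            for a, ips in dns_servers_by_adapter(text).items()
            for ip in ips if ip in ROGUE_DNS]
    return hits + [f"{h} resolves to {FAKE_ALERT_HOST}"
                   for h, ips in probe_answers.items() if FAKE_ALERT_HOST in ips]
```

If the router itself answers DNS queries for the network, the PC lists only the router's address as its DNS server, so an empty result here does not replace checking the DNS settings in the router's admin page.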

But if you have accidentally installed the fake COVID-19 information app, scan your system for malware immediately. You should also change the passwords for any accounts whose login details are saved in your browser. The hackers have also launched an Android app named COVID-19 Tracker. The app claims to track infected people around you, but when you install it, it locks the user out and then demands a ransom of $100 in bitcoin. Be sure to avoid downloading these types of fake apps.
