For nearly a year, Brazilian users have been targeted with a new type of router attack that has not been seen anywhere else in the world.
The attacks are nearly invisible to end users and can have disastrous consequences, having the ability to lead to direct financial losses for hacked users.
What's currently happening to routers in Brazil should be a warning sign for users and ISPs from all over the world, who should take precautions to secure devices before the attacks observed in South American country spread to them as well.
Router DNS-changing attacks
The attacks targeting routers in Brazil started last summer and were first observed by cyber-security firm Radware[1], and a month later by security researchers from Netlab[2], a network threat hunting unit of Chinese cyber-security giant Qihoo 360.
At the time, the two companies described how a group of cyber-criminals had infected over 100,000 home routers in Brazil and were modifying their DNS settings.
The modifications made to these routers redirected infected users to malicious clone websites whenever they tried to access e-banking sites for certain Brazilian banks.
Similar attacks were seen a few months later, in April 2018 by threat intel firm Bad Packets, who detailed another wave of attacks[3], but this time aimed primarily against D-Link routers, also hosted on Brazilian ISPs.
This time around, besides hijacking users visiting Brazilian banks, the hackers were also redirecting users to phishing pages for Netflix, Google, and PayPal, to collect their credentials, according to researchers at Ixia[4].
But according to a report published by Avast this week, these attacks haven't stopped[5]. In fact, according to the company, in the first half of