Skip to main content
  1. Home
  2. Tablets
  3. Computing
  4. Mobile
  5. Smart Home
  6. Web
  7. News

New JavaScript attack infects your phone and changes your router's DNS settings

Add as a preferred source on Google

Security firm Trend Micro has discovered an attack on home routers that involves malicious JavaScript, a mobile website, and a mobile device such as a smartphone. This attack has been taking place since December 2015, and so far focuses on Taiwan, Japan, and China. However, the United States is fourth on the attack list, so be prepared.

According to the report, a compromised mobile website can contain JavaScript that downloads another JavaScript with DNS changing routines to the visiting mobile device. Although this JavaScript can also be downloaded on a computer, the infection depends on the user’s medium — for example, JS_JITONDNS only infects mobile devices and triggers the DNS changing routine, while the JITON infection is triggered only if the user has a ZTE modem.

Recommended Videos

An examination of the code reveals that hackers are targeting routers sold by well known manufacturers such as D-Link, TP-LINK, and ZTE. The report points out that TP-LINK currently owns 28 percent of the router market while D-Link is in the top 10 with a seven percent market share. Given D-Link is based out of Taiwan and TP-LINK is in China, Trend Micro isn’t surprised by the high number of attacks in those regions.

“Cybercriminals behind this incident employ [an] evasive mechanism to go off the radar and continue the attack without arousing any suspicion from affected users. Such tactics include regularly updating the JavaScript codes to fix errors and constantly changing targeted home routers,” the report states. “The compromised websites are difficult to pinpoint due to the lack of any suspicious behavior.”

The DNS settings of a router can be overwritten thanks to the JavaScript code containing more than 1,400 login combinations, including a list of common passwords. There is also code in the JavaScript that can overwrite DNS settings by exploiting a specific vulnerability that currently exists in ZTE-based routers. Ultimately, hackers can remotely send any arbitrary command with administrator privileges to the router when it has been compromised.

However, Trend Micro specifically points out that the DNS changes can only be made if the victim accesses a compromised website on their mobile device. To prevent hackers from gaining control of their routers, all consumers need to do is to keep their home networking router’s firmware up to date, and to avoid using the default ID and password provided with the device when it shipped (like “admin” and ‘password”).

“Often times, people overlook the importance of keeping the firmware updated,” the report adds. “Administrative devices especially in the age of IoT are vulnerable to attacks that may pose risks to both user privacy and security. It is best to know how these smart devices operate and what kind of personal identifiable information these devices may collect.”

The list of countries affected by this mobile attack also includes France, Canada, Australia, Korea, Hong Kong, and the Netherlands, as Trend Micro reveals in a chart.

Attacks on home routers aren’t anything new although this version seems to be surfing the mobile trend in an emerging Internet-of-Things (IoT) world. Hackers can do all sorts of things with compromised routers including establishing a botnet, and programming specific DNS settings that send clueless victims to malicious websites. Unfortunately, most smartphones and tablets aren’t protected like desktops, so this new mobile JavaScript-based hack is certainly alarming to say the least.

Kevin Parrish
Kevin started taking PCs apart in the 90s when Quake was on the way and his PC lacked the required components. Since then…
Amazon quietly upgrades its Fire HD 10 tablet with a whopping 1GB of RAM
Amazon really said, "Here's 1GB. You're welcome."
Amazon Fire HD 10 tablet

Amazon has quietly refreshed one of its most popular tablets, but not in the way many expected. Instead of launching a brand-new Fire tablet after its longest product drought in years, the company has introduced a slightly upgraded version of the existing Fire HD 10 with an extra gigabyte of RAM.

The update is modest on paper, yet it arrives at an interesting time. Amazon hasn't introduced a new Fire tablet since the Fire HD 8 refresh in 2024, while products like the Fire 7 and Fire Max 11 have yet to receive successors. Rather than expanding its lineup, Amazon appears to be extending the life of an aging device with a minor hardware tweak.

Read more
You’ll soon be able to use WhatsApp on your iPad without touching your iPhone
Companion mode stays. Primary mode arrives. WhatsApp on iPad just became a lot more useful.
Computer, Electronics, Pc

If you’ve ever used WhatsApp on your iPad, you already know its limitations. You can’t set it up without a primary device, can’t share live location, and can't use the broadcast lists feature. 

That’s finally changing. WhatsApp’s latest update gives iPad users a long-due promotion. Rather than serving as an extension of your iPhone, it will soon become your main device. 

Read more
A ‘meh’ iPad Pro refresh lands in 2027 with a cooling boost to handle your demanding workloads
Apple may bring vapor chamber cooling to the iPad Pro in 2027
Apple iPad Pro 2025 on a table

Apple’s next iPad Pro may not look dramatically different, but it could get one upgrade that makes a lot of sense for an ultra-thin tablet. Better cooling.

According to Bloomberg, Apple is testing four new iPad Pro models planned for spring 2027. The tablets are expected to keep the current 11-inch and 13-inch display sizes, while focusing mostly on internal improvements, including faster chips. Apple has also reportedly tested a vapor chamber cooling system for the iPad Pro, which could help improve sustained performance and reduce overheating.

Read more