Skip to main content

Porn, ads injected into Google Analytics code by new router malware

Ads Injected Via Hijacked Router DNS
A new variant of router malware has been discovered by Ara Labs, and it is designed to inject ads and pornography into websites. The malware modifies the router’s DNS settings to intercept Google Analytics tags and replace them with malicious content.

Because a number of websites use Google Analytics for traffic data, they are prime targets for a DNS attack. For the fraudsters, there’s plenty of potential for income – the attacker can sell ad spots to generate revenue. Assuming an individual infects numerous routers, this can result in a large sum of money.

The malware variant is easily finding its way into routers due to the fact that many owners do not change their router’s login credentials. It can also send unauthenticated configuration requests to certain devices that are vulnerable to an attack.

Ara Labs has not specified which routers are being exploited at the moment.

This type of malware has been around for years, according to experts. There have been several reports published on DNS attacks, but they continue to be problematic.

When a hijack is successful, the DNS settings on the router are changed to point to a rogue DNS server controlled by the attacker. With this access, a fraudster can substitute a correct IP for the IP of a server that is under his or her control. This means that when you think you are visiting a certain domain, you may actually be connecting to a hacker’s server.

Proactive updates are the best protection – you should ensure that your router’s firmware is fully patched, and change your default credentials as soon as possible.

Editors' Recommendations

Krystle Vermes
Former Digital Trends Contributor
Krystle Vermes is a professional writer, blogger and podcaster with a background in both online and print journalism. Her…
Hackers can now sneak malware into the GIFs you share
A video call in progress on Microsoft Teams.

How low will malware go to get onto your device? We thought using Minecraft to gain access to your computer was the most nefarious method hackers have produced, but there's a new, even lower type of attack that uses Microsoft Teams and GIFs to mount phishing attacks on your computer.

The new attack is called GIFShell and it installs malware on your computer to steal data. It does so by sneaking itself into innocent-looking GIFs and then waiting for you to share the GIF with your colleagues via Microsoft Teams.

Read more
Malware has a terrible new way to get to your computer
A villager looks at a sunset.

You've heard of malware spreading through spammy emails and mysterious links on strange websites. But now there's a new avenue of attack for bad actors to take -- and it's via Minecraft. Yes, you read it correctly. The open-world building game loved by seven-year-olds around the globe is quickly becoming a favorite method for spreading malware.

As reported by Bleeping Computer, Kaspersky Labs researched the phenomena from July 2021 until July 2022, and it found that in-game malware accounted for a significant amount of the malware that was spread in that time. Although there was a 30% drop in malware attacks in that year when compared to 2020, the amount of gaming-related malware actually increased. Minecraft on PC was the preferred vector.

Read more
Oh great, new malware lets hackers hijack your Wi-Fi router
The Linksys Hydra 6 dual-band mesh WiFi 6 router.

As if you didn't already have enough to worry about, a new report finds hackers are targeting home Wi-Fi routers to gain access to all your connected devices.

The report comes from Black Lotus Lab, a security division of Lumen Technologies. The report details several observed real-world attacks on small home/home office (SOHO) routers since 2020 when millions of people began working from home at the start of the COVID 19 pandemic.

Read more