An examination of the code reveals that hackers are targeting routers sold by well known manufacturers such as D-Link, TP-LINK, and ZTE. The report points out that TP-LINK currently owns 28 percent of the router market while D-Link is in the top 10 with a seven percent market share. Given D-Link is based out of Taiwan and TP-LINK is in China, Trend Micro isn’t surprised by the high number of attacks in those regions.
However, Trend Micro specifically points out that the DNS changes can only be made if the victim accesses a compromised website on their mobile device. To prevent hackers from gaining control of their routers, all consumers need to do is to keep their home networking router’s firmware up to date, and to avoid using the default ID and password provided with the device when it shipped (like “admin” and ‘password”).
“Often times, people overlook the importance of keeping the firmware updated,” the report adds. “Administrative devices especially in the age of IoT are vulnerable to attacks that may pose risks to both user privacy and security. It is best to know how these smart devices operate and what kind of personal identifiable information these devices may collect.”
The list of countries affected by this mobile attack also includes France, Canada, Australia, Korea, Hong Kong, and the Netherlands, as Trend Micro reveals in a chart.