
New JavaScript attack infects your phone and changes your router's DNS settings

Security firm Trend Micro has discovered an attack on home routers that involves malicious JavaScript, a mobile website, and a mobile device such as a smartphone. This attack has been taking place since December 2015, and so far focuses on Taiwan, Japan, and China. However, the United States is fourth on the attack list, so be prepared.

According to the report, a compromised mobile website can contain JavaScript that downloads a second script with DNS-changing routines to the visiting mobile device. Although this JavaScript can also be downloaded on a computer, the infection depends on the user’s medium; for example, JS_JITONDNS only infects mobile devices and triggers the DNS-changing routine, while the JITON infection is triggered only if the user has a ZTE modem.


An examination of the code reveals that hackers are targeting routers sold by well known manufacturers such as D-Link, TP-LINK, and ZTE. The report points out that TP-LINK currently owns 28 percent of the router market while D-Link is in the top 10 with a seven percent market share. Given D-Link is based out of Taiwan and TP-LINK is in China, Trend Micro isn’t surprised by the high number of attacks in those regions.

“Cybercriminals behind this incident employ [an] evasive mechanism to go off the radar and continue the attack without arousing any suspicion from affected users. Such tactics include regularly updating the JavaScript codes to fix errors and constantly changing targeted home routers,” the report states. “The compromised websites are difficult to pinpoint due to the lack of any suspicious behavior.”

The DNS settings of a router can be overwritten thanks to the JavaScript code containing more than 1,400 login combinations, including a list of common passwords. There is also code in the JavaScript that can overwrite DNS settings by exploiting a specific vulnerability that currently exists in ZTE-based routers. Ultimately, hackers can remotely send any arbitrary command with administrator privileges to the router when it has been compromised.

However, Trend Micro specifically points out that the DNS changes can only be made if the victim accesses a compromised website on their mobile device. To prevent hackers from gaining control of their routers, all consumers need to do is keep their home networking router’s firmware up to date and avoid using the default ID and password provided with the device when it shipped (like “admin” and “password”).

“Often times, people overlook the importance of keeping the firmware updated,” the report adds. “Administrative devices especially in the age of IoT are vulnerable to attacks that may pose risks to both user privacy and security. It is best to know how these smart devices operate and what kind of personal identifiable information these devices may collect.”

The list of countries affected by this mobile attack also includes France, Canada, Australia, Korea, Hong Kong, and the Netherlands, as Trend Micro reveals in a chart.

Attacks on home routers aren’t anything new, although this version seems to be surfing the mobile trend in an emerging Internet-of-Things (IoT) world. Hackers can do all sorts of things with compromised routers, including establishing a botnet and programming specific DNS settings that send clueless victims to malicious websites. Unfortunately, most smartphones and tablets aren’t protected like desktops, so this new mobile JavaScript-based hack is certainly alarming, to say the least.
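
Because the end result of this attack is a changed DNS setting, one way to notice it is to compare the resolvers a device on the network has been handed against the ones you expect. The sketch below is an added example, not code from Trend Micro's report; it assumes the router passes its configured DNS servers to clients over DHCP, and the sample configuration, the `EXPECTED` set and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample: resolver config as a DHCP client might write it.
SAMPLE_RESOLV_CONF = """\
# generated by DHCP client (constructed sample)
search home.example
nameserver 192.168.1.1
nameserver 203.0.113.53   # documentation-range address, not expected
nameserver fe80::1%wlan0
nameserver not-an-ip
"""

# Assumption: the resolvers you intend to use (router LAN addresses here).
EXPECTED = {"192.168.1.1", "fe80::1"}


def parse_nameservers(text):
    """Return (valid_ips, malformed_entries) from resolv.conf-style text."""
    valid, malformed = [], []
    for raw in text.splitlines():
        # Drop '#' and ';' comments, whole-line or trailing.
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()
        fields = line.split()
        if len(fields) < 2 or fields[0] != "nameserver":
            continue
        addr = fields[1].split("%", 1)[0]  # strip IPv6 zone id
        try:
            valid.append(str(ipaddress.ip_address(addr)))
        except ValueError:
            malformed.append(fields[1])
    return valid, malformed


def audit_resolvers(text, expected):
    """Report resolvers that are not in the expected set."""
    allowed = {str(ipaddress.ip_address(a)) for a in expected}
    valid, malformed = parse_nameservers(text)
    return {
        "resolvers": valid,
        "unexpected": [ip for ip in valid if ip not in allowed],
        "malformed": malformed,
    }


if __name__ == "__main__":
    for key, value in audit_resolvers(SAMPLE_RESOLV_CONF, EXPECTED).items():
        print(f"{key}: {value}")
```

An unexpected resolver is a prompt to log in to the router and review its DNS and DHCP settings, not proof of compromise; a router that forwards queries itself can be altered without any change on the client side.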
