“Novidade” Found Targeting Home and SOHO Routers


      TelegramGroup IoTForIndia
      Moderator
        @iotforindiatggroup

        #News(Security) [ via IoTForIndiaGroup ]


        We identified a new exploit kit we named Novidade that targets home or small office routers by changing their Domain Name System (DNS) settings via cross-site request forgery (CSRF), enabling attacks on a victim’s mobile device or desktop through web applications with which they’re authenticated. Once the DNS setting is changed to that of a malicious server, the attacker can execute a pharming attack, redirecting the targeted website traffic from all devices connected to the same router by resolving targeted domains to the IP address of their server.

        The earliest Novidade sample we found was from August 2017, and two different variants were identified since. While one of the variants was involved in the DNSChanger system of a recent GhostDNS campaign, we believe that Novidade is not limited to a single campaign, as the exploit kit was also concurrently being used in different campaigns. One possibility is that the exploit kit tool was either sold to multiple groups or the source code was leaked, allowing threat actors to use the kit or create their own variations. Most of the campaigns we discovered used phishing attacks to retrieve banking credentials in Brazil. However, we also recently found campaigns with no specific target geolocation, suggesting that either the attackers are expanding their target areas, or a larger number of threat actors are using it.

        We named the exploit kit Novidade, which means “novelty” in Portuguese, due to the title string “Novidade!” on the webpages of all the current variants.


        Read More..
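A defender-side check for the DNS change described in the post, as an added example that is not part of the original post or the quoted research: it flags resolvers a client was handed that fall outside an approved list, and watched domains whose answers share no address with a trusted reference. All names, addresses and sample data are constructed assumptions.

```python
import ipaddress

def parse_nameservers(resolv_conf_text):
    """Return the nameserver addresses from resolv.conf-style text."""
    servers = []
    for line in resolv_conf_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            servers.append(ipaddress.ip_address(fields[1]))
    return servers

def unexpected_resolvers(servers, allowed_networks):
    """Resolvers outside the networks the administrator approved."""
    nets = [ipaddress.ip_network(n) for n in allowed_networks]
    return [str(s) for s in servers if not any(s in n for n in nets)]

def divergent_answers(local, reference):
    """Watched domains whose local answers share no address with the
    reference answers. CDN and geo-DNS names can differ legitimately,
    so a hit is a lead to confirm (for example via the site's TLS
    certificate), not proof of hijacking."""
    flagged = {}
    for domain, ref_ips in reference.items():
        got = set(local.get(domain, ()))
        if got and got.isdisjoint(ref_ips):
            flagged[domain] = sorted(got)
    return flagged

# Constructed sample input (documentation address ranges, example domains).
SAMPLE_RESOLV_CONF = """\
# pushed by the router over DHCP
nameserver 192.168.1.1
nameserver 203.0.113.53   # not configured by the administrator
"""
ALLOWED = ["192.168.1.0/24", "198.51.100.0/28"]
LOCAL = {"bank.example": ["203.0.113.80"], "mail.example": ["198.51.100.25"]}
REFERENCE = {"bank.example": ["192.0.2.10", "192.0.2.11"],
             "mail.example": ["198.51.100.25"]}

def audit():
    return {
        "unexpected_resolvers": unexpected_resolvers(
            parse_nameservers(SAMPLE_RESOLV_CONF), ALLOWED),
        "divergent_answers": divergent_answers(LOCAL, REFERENCE),
    }

if __name__ == "__main__":
    print(audit())
```

In practice the local answers would be collected through the router-provided resolver and the reference answers over a path that does not depend on the router's DNS settings.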
