Attackers are taking aim at online bankers by exploiting vulnerabilities in home routers in order to hijack their DNS settings and lure users to fake bank websites — no matter what type of device they use.
Security researchers from Poland’s Computer Emergency Response Team (CERT Polska) discovered the breach.
Reports about the attacks first surfaced in late 2013 when iPhone users saw pages asking for their mobile transaction numbers (mTANs). The tactic resembled a ZeuS-style attack.
Cybercriminals hijacked the DNS settings of home routers and changed them to redirect online bankers to a phishing page. The malicious websites mimic the banks’ genuine sites. Everything looks normal to users, but there is no HTTPS indicator, and users might notice an unusual host name.
Vulnerabilities in home routers make DNS configuration susceptible to unauthorized remote modifications, said the CERT Polska experts.