
Millions of DSL modems hacked in Brazil, spread banking malware

More than 4.5 million DSL modems have been compromised as part of a sustained hacking campaign in Brazil, with the devices spreading malware and malicious web address redirects.

According to Fabio Assolini, a malware analyst at Kaspersky Lab in Brazil, the vulnerability exploited by attackers allowed the use of a script to steal passwords and remotely access the configuration of modems. The attack was described as "One firmware vulnerability, two malicious scripts, three hardware manufacturers, 35 malicious DNS servers, thousands of compromised ADSL modems, millions of victims."

According to Kaspersky, the Brazilian attackers sought to steal users' banking credentials by redirecting users to false versions of popular sites like Facebook or Google and prompting them to install malware. Some 40 DNS servers were also set up outside Brazil to serve forged responses to requests for domain names belonging to Brazilian banks.

Naked Security writes: The first thing users may have noticed is that they would visit legitimate websites such as Google, Facebook and Orkut (a Google social network which is particularly popular in Brazil) and would be prompted to install software. In the example below, visitors to Google.com.br were invited to install a program called "Google Defence" in order to access the "new Google".

It remains unclear which modem manufacturers and models are susceptible to the attacks. Assolini said a vulnerability disclosed in early 2011 appears to be caused by a chipset driver included with modems that use hardware from communications chip provider Broadcom. It allows a CSRF attack to take control of the administration panel and capture the password set on vulnerable devices.

After manufacturers issued firmware updates to plug the security hole, the number of compromised modems fell. However, some 300,000 modems are still thought to be controlled by attackers.
