VERY IMPORTANT

Recently, CUJO AI has observed ongoing attacks on residential gateways. These attacks have a common trait: they all originated from the same site with the help of malvertising. Once a victim visits this site, they are led through a loop of referrers and redirectors to a malicious JavaScript file. Its end goal is to change the DNS settings on the residential router by initiating a CSRF attack. The victim usually does not detect any malicious activity due to weak device protection and the fact that the attack is executed in the background via hidden iframes and malicious redirectors. This blog presents a case study of home router DNS hijacking in Brazil.