Router attack results in ads and porn being injected into websites

As part of an ad-fraud scheme, attackers are using router malware to make it so advertisements and pornography are injected into every website a user visits – so long as the website uses Google Analytics.

“In this case, the fraudsters are using the hijacked DNS to intercept requests to the google-analytics.com domain, then directing the victim to a fake Google Analytics site,” Sergei Frankoff, a researcher with Ara Labs, wrote in a Wednesday post.

He explained, “When the victim requests the Google Analytics [JavaScript] from the fake site they are served malicious [JavaScript] that injects ads into the site they are browsing.”

Frankoff wrote that the router malware takes advantage of default credentials, so users should change their usernames and passwords – as well as ensure their router firmware is updated – to protect against the threat.
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS