Incident Response, TDR

Router attack results in ads and porn being injected into websites

As part of an ad-fraud scheme, attackers are using router malware to make it so advertisements and pornography are injected into every website a user visits – so long as the website uses Google Analytics.

“In this case, the fraudsters are using the hijacked DNS to intercept requests to the google-analytics.com domain, then directing the victim to a fake Google Analytics site,” Sergei Frankoff, a researcher with Ara Labs, wrote in a Wednesday post.

He explained, “When the victim requests the Google Analytics [JavaScript] from the fake site they are served malicious [JavaScript] that injects ads into the site they are browsing.”

Frankoff wrote that the router malware takes advantage of default credentials, so users should change their usernames and passwords – as well as ensure their router firmware is updated – to protect against the threat.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.