Trend Micro researches discovered a new JavaScript-based malware that infects not only mobile devices but also attacks your home router, altering its DNS (Domain Name System) settings.
Named
JS_JITON, this new threat was first spotted in attacks at the end of December 2015, continuing to infect devices up until this day, hitting its peak in February 2016, with over 1,500 infections per day.
JS_JITON spreads from infected Russian and Asian websites
The malware's infection chain is simple. According to Trend Micro researchers, attackers place malicious code on compromised websites and wait for users to visit these pages using mobile devices.
Once this happens, the malware is downloaded to the user's mobile device and executes, trying to connect to the local home network's router IP using a series of admin and passwords combos hardcoded in the JS_JITON malware source code.
Over 1,400 credentials are included, and once the malware authenticates on the device, it will change the router's DNS settings.
