• Home
  • Cyber Crime
  • Cyber warfare
  • APT
  • Data Breach
  • Deep Web
  • Digital ID
  • Hacking
  • Hacktivism
  • Intelligence
  • Internet of Things
  • Laws and regulations
  • Malware
  • Mobile
  • Reports
  • Security
  • Social Networks
  • Terrorism
  • ICS-SCADA
  • POLICIES
  • Contact me
MUST READ

Cisco removed the backdoor account from its Unified Communications Manager

 | 

U.S. Sanctions Russia's Aeza Group for aiding crooks with bulletproof hosting

 | 

Qantas confirms customer data breach amid Scattered Spider attacks

 | 

CVE-2025-6554 is the fourth Chrome zero-day patched by Google in 2025

 | 

U.S. CISA adds TeleMessage TM SGNL flaws to its Known Exploited Vulnerabilities catalog

 | 

A sophisticated cyberattack hit the International Criminal Court

 | 

Esse Health data breach impacted 263,000 individuals

 | 

Europol dismantles €460M crypto scam targeting 5,000 victims worldwide

 | 

CISA and U.S. Agencies warn of ongoing Iranian cyber threats to critical infrastructure

 | 

U.S. CISA adds Citrix NetScaler flaw to its Known Exploited Vulnerabilities catalog

 | 

Canada bans Hikvision over national security concerns

 | 

Denmark moves to protect personal identity from deepfakes with new copyright law

 | 

Ahold Delhaize data breach affected over 2.2 Million individuals

 | 

Facebook wants access to your camera roll for AI photo edits

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 51

 | 

Security Affairs newsletter Round 530 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

The FBI warns that Scattered Spider is now targeting the airline sector

 | 

LapDogs: China-nexus hackers Hijack 1,000+ SOHO devices for espionage

 | 

Taking over millions of developers exploiting an Open VSX Registry flaw

 | 

OneClik APT campaign targets energy sector with stealthy backdoors

 | 
  • Home
  • Cyber Crime
  • Cyber warfare
  • APT
  • Data Breach
  • Deep Web
  • Digital ID
  • Hacking
  • Hacktivism
  • Intelligence
  • Internet of Things
  • Laws and regulations
  • Malware
  • Mobile
  • Reports
  • Security
  • Social Networks
  • Terrorism
  • ICS-SCADA
  • POLICIES
  • Contact me
  • Home
  • Breaking News
  • Cyber Crime
  • Hacking
  • Malware
  • Linksys force password reset to prevent Router hijacking

Linksys force password reset to prevent Router hijacking

Pierluigi Paganini April 16, 2020

Linksys has reset passwords for all its customers’ after learning on ongoing DNS hijacking attacks aimed at delivering malware.

Crooks continue to launch Coronavirus-themed attacks, in the last weeks, experts observed hackers hijacking D-Link and Linksys routers to redirect users to COVID19-themed sites spreading malware.

Hackers compromise D-Link and Linksys routers and change DNS settings to redirect users to bogus sites proposing a fake COVID-19 information app from the World Health Organization. In some cases, users were infected with the Oski information-stealing malware. The alarming trend was reported by BleepingComputer researchers and security firm Bitdefender.

“For the past five days, people have been reporting their web browser would open on its own and display a message prompting them to download a ‘COVID-19 Inform App’ that was allegedly from the World Health Organization (WHO).” reported BleepingComputer.

“After further research, it was determined that these alerts were being caused by an attack that changed the DNS servers configured on their home D-Link or Linksys routers to use DNS servers operated by the attackers.”

Experts believe hackers are launching brute-force attacks against the routers, then they change the default DNS server settings to point the device to servers under their control.

Every time users attempt to visit a site that is included a list of domains targeted by the hackers, they are redirected to a site urging users to install a (COVID-19) information app.

The hacking campaigns were also detailed by researchers at Bitdefender in late March.

Bitdefender’s telemetry reported that the attacks started on March 18th, experts observed with a peak in activity on March 23rd.

Bitdefender telemetry revealed that most of the victims are in Germany, France, and the United States (over 73 percent of the total), these countries are also among those most impacted by the pandemic.

At the end of March, Linksys issued a security alert warning users of the ongoing attacks and urging them to reset the passwords.

“In analyzing our cloud traffic patterns, we believe there is a coordinated effort to maliciously access and modify Linksys Smart Wi-Fi Accounts using credentials stolen from other websites. Although we have taken additional steps in the cloud to combat these attempts, out of an abundance of caution, we would like all Linksys Smart Wi-Fi users to reset their passwords,” reads the advisory published by the vendor.

Users will be prompted to reset the passwords the next time they log in.  The company also recommends users to check the router’s DNS settings and to make sure the antivirus/malware solutions are up to date and run a full scan.

“When you change your password, we will check your DNS settings, which were the target of this attack. If those settings were altered, we will fix them for you. It would also be a good idea to restart computers and mobile devices that have been connected to your network,” states Linksys.

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – Linksys, hacking)

[adrotate banner=”5″]

[adrotate banner=”13″]


facebook linkedin twitter

coronavirus Hacking hacking news information security news it security it security news Linksys Pierluigi Paganini router hijacking Security Affairs Security News

you might also like

Pierluigi Paganini July 02, 2025
Cisco removed the backdoor account from its Unified Communications Manager
Read more
Pierluigi Paganini July 02, 2025
U.S. Sanctions Russia's Aeza Group for aiding crooks with bulletproof hosting
Read more

leave a comment

newsletter

Subscribe to my email list and stay
up-to-date!

    recent articles

    Cisco removed the backdoor account from its Unified Communications Manager

    Security / July 02, 2025

    U.S. Sanctions Russia's Aeza Group for aiding crooks with bulletproof hosting

    Cyber Crime / July 02, 2025

    Qantas confirms customer data breach amid Scattered Spider attacks

    Cyber Crime / July 02, 2025

    CVE-2025-6554 is the fourth Chrome zero-day patched by Google in 2025

    Hacking / July 02, 2025

    U.S. CISA adds TeleMessage TM SGNL flaws to its Known Exploited Vulnerabilities catalog

    Hacking / July 02, 2025

    To contact me write an email to:

    Pierluigi Paganini :
    pierluigi.paganini@securityaffairs.co

    LEARN MORE

    QUICK LINKS

    • Home
    • Cyber Crime
    • Cyber warfare
    • APT
    • Data Breach
    • Deep Web
    • Digital ID
    • Hacking
    • Hacktivism
    • Intelligence
    • Internet of Things
    • Laws and regulations
    • Malware
    • Mobile
    • Reports
    • Security
    • Social Networks
    • Terrorism
    • ICS-SCADA
    • POLICIES
    • Contact me

    Copyright@securityaffairs 2024

    We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept All”, you consent to the use of ALL the cookies. However, you may visit "Cookie Settings" to provide a controlled consent.
    Cookie SettingsAccept All
    Manage consent

    Privacy Overview

    This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities...
    Necessary
    Always Enabled
    Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
    Non-necessary
    Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
    SAVE & ACCEPT