Cybercriminals steal the bank details of users, hacking routers. Unsuspecting users came to fake sites of financial organizations and issued their own credentials, according to a study by Radware.
The vulnerability used concerns DLink devices. Hackers used a special exploit, which remotely changed the DNS parameters of some routers or modems. This allowed them to unnoticedly redirect users to clone sites, financial organizations' clones. Attacks affected two Brazilian banks – Itau Unibanco and Banco de Brasil.
Fake pages looked identical to the original. Users were asked to specify all the details, including the mobile phone number and payment card PIN. The only sign of the attackers' actions was the message about an unprotected connection.
Experts have called this method of fraud unique, since it is produced without any interaction with the user. As a rule, attacks on the financial sphere are realized with the help of phishing campaigns. For example, in this way, attacks on Russian banks of the Corkow, Carbanak and Buhtrap groups were organized.