Security researches at Kaspersky Lab have discovered an Android malware that attacks wifi routers -- dubbed Switcher. This malware has so far been seen in two different disguises, as mobile client for the Chinese Baidu search engine, and as a popular Chinese app for sharing wifi information, including the password. These criminals set up fake websites to distribute the trojan.
Switcher tries to log in to the wifi router's web interface, using a predefined list of default passwords. This attack was designed for TP-Link wifi routers; and may not work on other brands. Future trojans using this strategy will undoubtedly attack a wider variety of routers.
When successful, the router's DNS settings are changed, to a server controlled by the criminals, and a secondary owned by Google, 126.96.36.199. The DNS (domain name server) is the computer that changes names like thegoldwater.com to an IP address, which is then used by internet protocols for communications. …