Netlab 360, the cybersecurity laboratory of the Chinese company Qihoo, has detected a powerful botnet that is rampant in Brazil. Its name? GhostDNS. It is designed to steal the bank details of Internet users. This new IoT botnet has compromised nearly 100,000 routers in Brazil. No fewer than 70 models sold to private individuals are affected by this attack, which is particularly vicious. The hackers' intent is not to disable these products or websites through a DDoS attack, but to empty bank accounts. Radware, a provider of load balancing and cybersecurity services for data centers, has identified the latest attack campaign. It was aimed at the customers of Banco do Brasil, one of the oldest banks in the country.
The scale of the attack is not negligible. Nearly 88% of infected devices are located in Brazil. The DNS changers have targeted more than 50 domain names, including Netflix, Citibank.br and other Brazilian banks, in order to retrieve users' credentials. In addition, unauthorized DNS servers were operated on Hostkey, Oracle, Multacom, Amazon, Google, Telefónica, Aruba and OVH. Netlab 360 informed the companies in question, most of which have taken down the corresponding IP addresses. Netlab 360 believes that GhostDNS is “a real threat to the global Internet”. Researchers recommend that Internet users and Brazilian companies update their routers.