Saturday, May 4, 2024
GhostDNS Got Leaked by Mistake!

Router Exploit Kits are gaining popularity these days in the hacker world.

One of them is “GhostDNS”, which uses cross-site request forgery (CSRF) requests to alter a router's DNS settings and redirect users to phishing pages that steal their login credentials.

The source code was recently leaked through a mistake on the attackers' side.

How It Was Caught

  • The source code of the GhostDNS exploit kit and other phishing pages was compressed into a RAR archive and uploaded to a file-sharing platform by a hacker.
  • When they were trying to download it, one member of the attacker group forgot to disable the Avast Web Shield feature of the Avast Antivirus installed on their machine.
  • Because the archive file was not password protected, Avast's web protection technology was able to detect and analyze the router exploit kit.

Now What Next?

  • The Avast Threat Intelligence Team downloaded the archive file named “KL DNS.rar” and described the functionality of GhostDNS.
  • The name indicates that this tool is used for DNS hijacking and keylogging to gather critical information from the victim’s computer.
  • The two methods used by the hackers, Router EK and BRUT, were found in the archive file. Both methods involve the use of CSRF requests to alter DNS settings on a targeted device.

More Information!

  • While the Router exploit kit (EK) preys on devices in the local network and relies on tricking users into clicking on a malicious link, BRUT is used as a mass scanner that attacks routers exposed on the public internet.
  • In some extended versions of the kit, a banner was displayed to inform the attackers that the CSRF request had been executed.
  • Once the login information is extracted, GhostDNS stops and the phishing pages are executed; in other words, it works step by step to perform the task.
  • The most targeted countries are Brazil, at the top, followed by South America, the US, and Germany.

Important to mention 

Everything described above comes down to one thing: manipulating DNS settings and directing users to phishing sites. Cybercriminals leverage this technique to steal user login credentials and credit card numbers from banks.
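A defender-side check for the symptom described above, added here as an example and not taken from the original post or from Avast's analysis: it parses resolv.conf-style resolver configuration and flags nameservers that fall outside an allowlist. The allowlist, the sample file contents and the function names are assumptions constructed for illustration.

```python
import ipaddress

# Assumption: the resolvers this network is supposed to hand out.
# Constructed values (a home router plus one public resolver); replace with your own.
EXPECTED_RESOLVERS = ["192.168.1.1/32", "9.9.9.9/32", "2620:fe::fe/128"]


def parse_nameservers(resolv_conf_text):
    """Return the nameserver addresses listed in resolv.conf-style text."""
    servers = []
    for raw in resolv_conf_text.splitlines():
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()  # drop comments
        fields = line.split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            addr = fields[1].split("%", 1)[0]  # strip IPv6 zone id (fe80::1%eth0)
            try:
                servers.append(ipaddress.ip_address(addr))
            except ValueError:
                continue  # malformed entry: not a usable resolver
    return servers


def unexpected_resolvers(resolv_conf_text, expected=EXPECTED_RESOLVERS):
    """Return resolvers in use that fall outside the expected networks."""
    allowed = [ipaddress.ip_network(n) for n in expected]
    return [
        str(ip)
        for ip in parse_nameservers(resolv_conf_text)
        if not any(ip.version == net.version and ip in net for net in allowed)
    ]


# Constructed sample: what a client might receive via DHCP after the
# router's DNS setting was changed. 203.0.113.0/24 is a documentation range.
SAMPLE_HIJACKED = """\
# Generated by NetworkManager
nameserver 203.0.113.66
nameserver 192.168.1.1
nameserver fe80::1%eth0   # link-local, not in allowlist
"""

if __name__ == "__main__":
    for ip in unexpected_resolvers(SAMPLE_HIJACKED):
        print(f"ALERT: resolver {ip} is not in the expected set")
```

On hosts that use a local stub resolver (for example 127.0.0.53 from systemd-resolved), feed the function the upstream resolver list instead of /etc/resolv.conf.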

Bipin Choudhary (https://vednam.com)
Bipin has been a passionate blogger for several years. He is a Cyber Security Enthusiast, Security Blogger, Technical Writer. He is always eager to know everything about the latest technology development and advancement. Author @ Vednam
