sfx2000
Part of the Furniture
Another one... good reason to double check the Admin setup on the router, ensuring one has a reasonably secure password - also a good tip is not to keep the admin page open/logged in - get in, check/change settings, and get out (and probably close the broswer tab/window).
https://securelist.com/blog/mobile/76969/switcher-android-joins-the-attack-the-router-club/
https://securelist.com/blog/mobile/76969/switcher-android-joins-the-attack-the-router-club/
Recently, in our never-ending quest to protect the world from malware, we found a misbehaving Android trojan. Although malware targeting the Android OS stopped being a novelty quite some time ago, this trojan is quite unique. Instead of attacking a user, it attacks the Wi-Fi network the user is connected to, or, to be precise, the wireless router that serves the network. The trojan, dubbed Trojan.AndroidOS.Switcher, performs a brute-force password guessing attack on the router’s admin web interface. If the attack succeeds, the malware changes the addresses of the DNS servers in the router’s settings, thereby rerouting all DNS queries from devices in the attacked Wi-Fi network to the servers of the cybercriminals (such an attack is also known as DNS-hijacking). So, let us explain in detail how Switcher performs its brute-force attacks, gets into the routers and undertakes its DNS-hijack.