Hackers Target Bank Customers In Brazil With DNS Redirects


Hackers are seeking to gain user credentials through Internet of Things (IoT) devices by targeting customers of a Brazilian bank. The Radware Threat Research Center wrote in a blog post that the hackers are seeking to change the devices' domain name system (DNS) settings.

The malicious agent redirected a user’s DNS requests for Banco do Brasil’s website to a cloned website, which did not have a connection to the bank’s legitimate site. Itau Unibanco, another Brazilian bank, also reportedly had its site redirected, but, as of now, a cloned website is apparently not involved in that redirect.

For all other requests, the attackers’ DNS server functions as a forwarder. As a result, it can serve as a “man-in-the-middle” to show users bogus web fronts and portals in an attempt to gather their sensitive data.
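
A defensive check for the behaviour described above, as an added example that is not from the Radware post or this article: it parses DNS replies and flags names that a suspect resolver (for instance, the one a home router hands out) answers with addresses sharing nothing with a trusted reference resolver, while forwarded names still match. The domain names, addresses and reply bytes are constructed sample data, and the function names are this example's own.

```python
import socket, struct

def build_query(name, txid=0x1234):
    """Encode a recursive A/IN query for `name`."""
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0) + qname + struct.pack(">HH", 1, 1)

def _skip_name(msg, off):
    """Return the offset just past a (possibly compressed) name."""
    while True:
        n = msg[off]
        if (n & 0xC0) == 0xC0:    # compression pointer: 2 bytes, ends the name
            return off + 2
        if n == 0:                # root label ends the name
            return off + 1
        off += 1 + n

def parse_a_records(msg):
    """Return the set of IPv4 addresses in the answer section of a reply."""
    _, _, qd, an, _, _ = struct.unpack(">HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):
        off = _skip_name(msg, off) + 4          # skip QTYPE and QCLASS
    ips = set()
    for _ in range(an):
        off = _skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack(">HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rclass == 1 and rdlen == 4:
            ips.add(socket.inet_ntoa(msg[off:off + 4]))
        off += rdlen
    return ips

def selective_redirects(suspect, reference):
    """Names both resolvers answered, but with no address in common."""
    return sorted(n for n in suspect
                  if suspect[n] and reference.get(n) and not (suspect[n] & reference[n]))

def sample_reply(name, ip):
    """Constructed reply bytes (not captured traffic): one A record for `name`."""
    rr = b"\xc0\x0c" + struct.pack(">HHIH", 1, 1, 60, 4) + socket.inet_aton(ip)
    return struct.pack(">HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0) + build_query(name)[12:] + rr

# Constructed data: the suspect resolver forwards news.example unchanged
# but answers bank.example with a different address.
SUSPECT = {"bank.example": parse_a_records(sample_reply("bank.example", "203.0.113.7")),
           "news.example": parse_a_records(sample_reply("news.example", "198.51.100.20"))}
REFERENCE = {"bank.example": parse_a_records(sample_reply("bank.example", "192.0.2.10")),
             "news.example": parse_a_records(sample_reply("news.example", "198.51.100.20"))}
FLAGGED = selective_redirects(SUSPECT, REFERENCE)   # names to investigate
```

Disjoint answers are a lead rather than proof, since CDNs and geo-aware DNS legitimately return different addresses to different resolvers. For live use, feed `parse_a_records` the replies each resolver returns to `build_query` over UDP port 53.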

The news emerged about two years after it was reported that hackers found ways to turn DVRs, satellite antennas and networking devices against their owners. Apparently, all such devices offer an excellent place to do mass tests of stolen login credentials, according to research from Akamai Technologies, Inc.

The report also noted that hackers have apparently spent months at a time using millions of smart devices to see if stolen passwords are usable on more than one site. This type of hacking is referred to as a credential stuffing campaign.

“Once malicious users access the web administration console of these devices, they can then compromise the device’s data and, in some cases, take over the machine,” Akamai researchers wrote in their report. They noted that the vulnerability isn’t new, but has resurfaced with the proliferation of connected devices. Akamai said it is working with some of the biggest device vendors on “a proposed plan of mitigation.”