Router biz Linksys has reset all its customers’ Smart Wi-Fi account passwords after cybercrims accessed a bunch and redirected hapless users to COVID-19 themed malware.
The mass reset took place after all user accounts were locked on 2 April, following infosec firm Bitdefender revealing that malicious persons were pwning Linksys devices through cred-stuffing attacks.
Hackers with access to Linksys Smart Wi-Fi accounts were changing home routers’ DNS server settings. Compromised users’ attempts to reach domains ranging from Disney, pornography, and Amazon AWS were redirected to a webpage peddling a coronavirus-themed app “that displays a message purportedly from the World Health Organization, telling users to download and install an application that offers instructions and information about COVID-19.”
URL: https://www.theregister.co.uk/2020/04/15/linksys_wifi_password_reset_malware_app/