Researchers at Trend Micro uncovered a new form of attack exploiting vulnerabilities in a home router.
For the assault to function, a user must use their mobile device to access websites on which sits malicious JavaScript. At that point a second JavaScript will download with DNS changing routines. The infection chain is set in motion by the downloaded JS_JITON script which can infect a mobile device or a modem from several top manufacturers.
Top countries affected are Taiwan, Japan, China, the U.S. and France.
The Trend Micro team explained that the attackers use sophisticated techniques to evade detection, including regularly updating JavaScript codes to amend errors and switching home router targets. The researchers as well saw evidence of keylogging capabilities, but noted that function has since been removed.
They advised users to keep firmware and routers up to date with patches and avoid using default IDs and passwords.