Home » Antivirus » ‘Switcher’ Malware Transfers an Attack from Your Smartphone to Your Router

Why attack one system when you can enter inside an entire network and control every device linked to it? That is the motto ‘Switcher’ malware. It is the newest Android Trojan threat these days. It uses naive Android devices as tools to forward all net traffic from Wi-Fi connected devices on a given bandwidth to one owned by a hacker, putting those devices straight into the hands of attackers.


This malware variant initiates its attack by first infecting a naive phone by hiding itself as a mobile app. Two hiding technique have been seen in use so far: one in which the malware hide itself as an app for the search engine, and another where it displays within an app that locates and shares Wi-Fi details.  Once in, it then achieves brute-force attacks on the router it’s linked to in an attempt to get its password. If it gets inside easily, the malware alters the addresses of the DNS server. DNS is an Internet service that converts domain names into IP addresses in the router’s settings. This router then reroutes all DNS movement from devices in the attacked Wi-Fi network to the servers of the hackers. This attack is technically refereed as DNS hijacking.

If a hacker can hijack a DNS server, all devices linked to it like the mobile phone and PC connected to your home Wi-Fi network will seemly interact with the hacker server, making them openly inclined to attack. Meaning, any device linked to that network at any time could be compromised, leaving a good amount of personal data susceptible.

The important point here to know is that only 1,250 Wi-Fi networks have fallen prey to the attack. The bad news though, is that even if the attack is noticed, it can be tough to eradicate the infection, thanks to backup servers hackers may have in place.

So how precisely is this attack promising? Two words: predefined credentials. The ‘Switcher’ malware is said to flourish in its early penetration by using a long, predefined list of password and login probabilities a task which is made quite simple if the router uses easily penetrated predefined authorizations.

So, what can you do to stay secure against router-based attacks like these? First off, it’s important to change predefined router passwords so your network and all devices linked to it aren’t vulnerable to attack. Remember: if hackers can get into a router, it’s like giving them the authorization to your whole, connected territory of devices. Here are a few additional tips for not allowing a DNS hijacking attack, to keep in you safe area:

  • Be careful of what devices link to your network. Just because the ‘Switcher’ malware isn’t on your smartphone, doesn’t mean it couldn’t be on an outsider Android phone who likes to connect to your Wi-Fi. Be watchful who you give your Wi-Fi password out to you, and confirm you know what devices are linking to your network. Change your network password regularly, and make sure it’s long and confusing.
  • Lock down your smartphone. Since this attack starts by infiltrating a phone, it’s important to make sure your mobile device is secured from all angles. Go for the security solutions that lock down your smartphone from the inside out, like McAfee Antivirus Security, which diagnose and blocks malware like the ‘Switcher’ strain. If you are not aware of the method of installing and configuring McAfee antivirus, then don’t worry at all. You can call the McAfee tech support, toll free number. The technician present will assist you in a very simple manner. These technicians are highly qualified and certified by the Microsoft.