The Switcher Android Trojan uses infected Android devices to attack wireless routers by performing brute force attacks on the routers’ admin web interfaces. If the attacks succeed, Switcher hijacks the Domain Name Server (DNS) by changing the IP addresses of the DNS servers in the router settings and then reroutes all DNS queries to the attackers’ servers. As a result, Switcher is able to redirect all connected users to malicious IP addresses when they enter legitimate domain addresses, thereby exposing them to a broad range of attacks including phishing and malware infection.
There is currently no indication of Switcher infection in Singapore. However, Singapore users should nevertheless adopt the necessary preventive measures to avoid potential infection.