As part of an ad-fraud scheme, attackers are using router malware to inject advertisements and pornography into every website a user visits – so long as the website uses Google Analytics.
“In this case, the fraudsters are using the hijacked DNS to intercept requests to the google-analytics.com domain, then directing the victim to a fake Google Analytics site,” Sergei Frankoff, a researcher with Ara Labs, wrote in a Wednesday post.
He explained, “When the victim requests the Google Analytics [JavaScript] from the fake site they are served malicious [JavaScript] that injects ads into the site they are browsing.”
Frankoff wrote that the router malware takes advantage of default credentials, so users should change their usernames and passwords – as well as ensure their router firmware is updated – to protect against the threat.
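As an added illustration (not from the article or from Ara Labs), one way a defender could spot the DNS hijack described above in resolver logs, assuming the router or a LAN resolver runs dnsmasq with query logging enabled. The approved resolver address, the sample log lines and the function names are constructed for this example.

```python
import ipaddress
import re

WATCHED = "google-analytics.com"      # domain named in the article
# Assumption: the resolvers this network is supposed to use (placeholder value).
APPROVED_UPSTREAMS = ["192.0.2.53/32"]

# Constructed dnsmasq query-log lines; all addresses are documentation ranges.
SAMPLE_LOG = """\
Mar 25 10:00:01 dnsmasq[812]: query[A] www.google-analytics.com from 192.168.1.23
Mar 25 10:00:01 dnsmasq[812]: forwarded www.google-analytics.com to 203.0.113.66
Mar 25 10:00:01 dnsmasq[812]: reply www.google-analytics.com is 198.51.100.7
Mar 25 10:00:09 dnsmasq[812]: query[A] google-analytics.com.cdn.example from 192.168.1.40
Mar 25 10:00:09 dnsmasq[812]: forwarded google-analytics.com.cdn.example to 203.0.113.66
Mar 25 10:00:12 dnsmasq[812]: query[A] ssl.google-analytics.com from 192.168.1.40
Mar 25 10:00:12 dnsmasq[812]: forwarded ssl.google-analytics.com to 192.0.2.53
"""

EVENT = re.compile(r"\b(query\[\w+\]|forwarded|reply) (\S+) (?:from|to|is) (\S+)")

def is_watched(name, watched=WATCHED):
    """True for the watched domain and its subdomains, not look-alike names."""
    name = name.rstrip(".").lower()
    return name == watched or name.endswith("." + watched)

def find_suspect_lookups(log_text, approved=APPROVED_UPSTREAMS):
    """Return lookups that were forwarded to a resolver outside the approved list."""
    nets = [ipaddress.ip_network(n) for n in approved]
    last_client, findings = {}, {}
    for line in log_text.splitlines():
        m = EVENT.search(line)
        if not m:
            continue
        kind, name, value = m.groups()
        if kind.startswith("query"):
            last_client[name] = value            # remember who asked for this name
        elif kind == "forwarded":
            upstream = ipaddress.ip_address(value.split("#")[0])  # drop any "#port"
            if not any(upstream in n for n in nets):
                findings[name] = {"client": last_client.get(name), "upstream": value,
                                  "answers": [], "watched": is_watched(name)}
        elif kind == "reply" and name in findings:
            findings[name]["answers"].append(value)  # what the rogue resolver returned
    return findings

if __name__ == "__main__":
    for name, f in find_suspect_lookups(SAMPLE_LOG).items():
        print(name, f)
```

Any finding means the resolver configuration has drifted from the approved list; entries with `watched` set are the ones matching the Google Analytics interception the article describes.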