Radware researchers found that the attackers used the vulnerability of some D-Link routers to modify remotely DNS server settings. Malicious DNS server IPs used in the exploit were 69.162.89.185. and 198.50.222.136. Banco de Brasil and Unibanco сustomers were redirected to the fake malicious website that requested his personal data. Experts say that these attacks are very unique because they don’t require any user interaction: the hijacking works without crafting or changing URLs in the user’s browser, attackers don’t send phishing emails and no changes are required on the computer.
