Researchers have found that a new cyberattack campaign is hijacking router’s DNS settings, changing web browser display alerts that show fake COVID-19 information claiming to be an app controlled by the World Health Organization. However, behind the fraudulent app is Vidar information-stealing malware. Over the past five days, several users reported that their web browser would automatically open and display the message.

Researchers discovered that the alerts were a result of a cyberattack changing the DNS servers configured on their home routers to use the DNS servers that are operated by the attackers. Experts stated that because most computers use IP address and DNS information that is provided by their router, the malicious DNS servers redirected victims to malicious content under the attackers’ control.

Read More: Hackers Hijack Routers’ DNS to Spread Malicious COVID-19 Apps