|Short Description||The malware infects a device then downloads another malware that infects the router to which the device is connected to.|
|Symptoms||The user may witness browser redirects to third-party websites and his often used websites with different than the original URLs. The DNS address of the router may be also changed to another.|
|Distribution Method||Via malicious URLs.|
|Detection Tool||Download Malware Removal Tool, to See If Your System Has Been Affected by malware|
|User Experience||Join our forum to discuss JS_JITON.|
- Online banking credentials.
- PayPal and other online financial service websites’ account names and passwords.
- Email and other social media account names and passwords.
These credentials may be used in a brute force attack to login to your router. Since most home routers are not configured with strong credentials or security, the malware is very effective in logging in successfully.
Once logged into your home router, the malware may change its DNS settings changing the default address to a custom one. After this is modified, it may reboot the home router to apply and save the setting.
This is particularly risky, especially when it comes to routers that are reconfigured to serve as hotspots in café’s or other public places, because the malware may spread onto a higher number of devices to steal more information. Users are strongly advised to use the mobile connection and avoid public Wi-Fi in general. TrendMicro malware experts have also reported that Jiton malware may target primarily router models from the brands TP-Link, D-Link, and ZTE – all manufacturers whose devices are used by the masses.
To detect whether or not you have this malware installed onto your router, you should check the DNS settings of your device and see whether or not the DNS address is static and different from the one your ISP provided. Usually, most DNS addresses are set to “Automatic” and if you have a static one, it is advisable to remove it and contact your ISP to notify them that you have been affected.
To remove the malware, simply factory reset your router and reconfigure it with different IP address and user name and password, to strengthen its security. Also, make sure you check for firmware update of the router’s software and enable any defenses on the router.
To further strengthen your network, we advise you to follow our recommended security tips and educate users to implement them and avoid further intrusions. It is also advisable to use an advanced anti-malware software for all your devices, including PC’s and smartphones.
For more detailed instructions on how to remove malware from your router and infected devices check out the below mentioned instructive article:
Spy Hunter scanner will only detect the threat. If you want the threat to be automatically removed, you need to purchase the full version of the anti-malware tool.Find Out More About SpyHunter Anti-Malware Tool / How to Uninstall SpyHunter