VERY IMPORTANT

We identified a new exploit kit we named Novidade that targets home or small office routers by changing their Domain Name System (DNS) settings via cross-site request forgery (CSRF), enabling attacks on a victim’s mobile device or desktop through web applications in which they’re authenticated with. Once the DNS setting is changed to that of a malicious server, the attacker can execute a pharming attack, redirecting the targeted website traffic from all devices connected to the same router by resolving targeted domains to the IP address of their server.