Malware AndroidOS Switcher, carry out a brute force attack on the routers admin panel if the attacks succeeded then the malware can change the IP address of the DNS servers in the router. This process of overthrow is referred as DNS-hijacking. The most common configuration for WiFi routers involves making the DNS settings of the devices connected to it the same as its own, thus forcing all devices in the network to use the same DNS settings to it. The second version is a well-made imitation of a popular Chinese app for sharing information about Wi-Fi networks (including the security password) between users.”]
Source: https://gbhackers.com/switcher-android-malware-seize-routerss-dns-settings/