Polish Computer Emergency Response Team (CERT Polska) recently noticed a large scale cyber attack ongoing campaign aimed at Polish e-banking users. Cyber criminals are using known router vulnerability which allow attackers to change the router’s DNS configuration remotely so they can lure users to fake bank websites or can perform Man-in-the-Middle attack. The Domain Name System, or DNS, the Internet’s method of converting Web page names into IP address numbers can be hijacked just by changing server address to a malicious DNS server from router’s settings.
Source: https://thehackernews.com/2014/02/hackers-exploiting-router.html