From cujo.com
Recently, we have observed ongoing attacks on residential gateways. These attacks had a common trait: they all originated fromofuxico[.]com.br with the help of malvertising. Once a victim visits this site, they are led through a loop of referrers and redirectors to a malicious JavaScript file. Its end goal is to change the DNS settings on the residential router by initiating a CSRF attack. The victim usually does not detect any malicious activity due to weak device protection and the fact that the attack is executed in the background via hidden iframes and malicious redirectors. In this article, I will present a case study of home router DNS hijacking in Brazil.