Hacker attacks on home routers generally take two approaches, though both rely on the same strategy—namely, accessing the router and changing a table to redirect domain name server (DNS) queries. DNS servers are the machines that convert native language web names, to IP addresses. What this means, for example, is that a user accessing a compromised router might use the link on their browser’s “favorites” bar, to access their bank account. But instead of being routed to their bank, they are instead routed to a web page on a fake server that looks just like the real one. When the user types in their login information, it is stolen by the hackers, who use it to drain the account. That’s the first approach (and the one used in the infamous attack carried out in Poland recently). Since it takes a great deal of effort to pull off, most hackers seem to instead prefer to redirect users to their expected site, but replace ads with their own, or add code that runs on user computers when they visit certain sites.
Read more at: Phys.org