Even trying to remember someone’s birthday can pose a risk, as cyber attackers are not above abusing a simple, popular and harmless-looking app called Birthday Reminder to infiltrate devices. Security company ESET found the adware DNSBirthday distributed around the globe with spikes in the US, Spain, Japan and Italy.
The infected Birthday Reminder works as expected and runs in the background as programmed, but it also carries additional components that hook DNS functions inside web browsers in order to inject ads into web pages.
ESET researchers found all related communications tied to RQZTech. The attackers included a hook that redirects resolution to alternative DNS servers whenever the requested domain name appears in the “block list” of the configuration file.
The authors put in a lot of effort to avoid detection, said Marc-Étienne M. Leveillé, senior malware researcher, ESET. “The modular architecture of their malware allows updates and the addition of more features or malware, which suggests we may not have witnessed all the capabilities yet.
“It is also interesting to note that the communication to the C&C server is secured by a pinned public key, which prevents eavesdropping of its activities,” he said.
ESET reached out to OVH, the hosting company whose infrastructure carried the C&C server and the rogue DNS server traffic, and both have been taken down.
To avoid these types of threats, ESET recommends investing in a good security solution, preferably one that includes a tool for monitoring the router’s security.
For more details of the Birthday Reminder malware, visit https://www.welivesecurity.com/2017/06/22/got-birthday-reminder/