Malware authors have hijacked DNS settings on vulnerable routers to redirect users to sites hosting Android malware.
According to Kaspersky Labs telemetry data, these were small-scale attacks, as crooks only hijacked traffic from just 150 unique IP addresses, redirecting users to malicious sites around 6,000 times between February 9 and April 9, 2018.
ORIGINAL SOURCE: Bleeping Computer