2020Cyberworld (7)
Last Login: September 13, 2021
2020Cyberworld's Latest (2) Contributions
Technical Analysis
Seems to use ARPA or loopback addresses to change the behavior of the OS and the applications.
Certificate changes
Random files and exes added to the applications list.
Firewall rules change regardless of privileges.
Like the attacker lives inside the computer's applications.
Technical Analysis
Attackers are able to sniff traffic from the incoming LAN connection while using a MITM attack or a man-in-the-browser attack. It seems more like a man in the lower attack because it will be as if two users are sending commands to the same device at the same time. Over time, what will happen is the attacker will lock down the access point, harden it, then set your browser and internet access to a guest connection. You are able to log in to your router but not actually make changes. For example, I could log on to the router at 192.168.1.1, configure it, then connect remotely to it, and it would connect to the same port, only the IP would be 162.244.6.18. The router in use doesn't have Wi-Fi but has an AP controller. Anyone else come across this? Please, I'm all ears. Thanks!