Well-known security researcher Kafeine has spotted an active campaign aimed at compromising SOHO routers and changing their DNS settings so that the attackers can seamlessly redirect users to phishing sites, hijack their search queries, intercept their traffic, and more.
This particular campaign apparently targets only users of Google's Chrome browser and ignores others. Chrome users who visit a compromised website are redirected to a site that serves cross-site request forgery (CSRF) code that determines which router model the victims use.
Depending on that information, an exploit for one of several vulnerabilities - CVE-2015-1187, CVE-2008-1244, or CVE-2013-2645 - is served, or several sets of common administrative credentials are tried, all with the aim of gaining access to the router's administration interface.
Continued: http://www.net-security.org/secworld.php?id=18424
Related: Exploit Kit Using CSRF to Redirect SOHO Router DNS Settings