It’s worth checking your DNS settings on a regular basis even if you’re not using one of these routers. I tend to use Cloudflare (22.214.171.124) as a default…:
[…] The malicious DNS servers used by hackers are 126.96.36.199 and 188.8.131.52. If ZDNet readers use a D-Link or Linksys router they should connect to the device’s admin panel and check if these two IP addresses appear in the DNS settings section.
If they do, users should remove the DNS server IP addresses and change the router’s admin panel password.
This campaign first began on March 18 and is currently ongoing. D-Link and Linksys owners should be on the lookout for any unprompted requests to download and install coronavirus-related apps — a common malware lure these days, for both common cybercriminals and state-sponsored groups alike.