Roaming Mantis Virus Features DNS Setups

Malicious actors linked to the Roaming Mantis attack group were seen distributing an updated variant of their signature mobile malware, Wroba, to compromise Wi-Fi routers and perform Domain Name System (DNS) hijacking.
Kaspersky found that the threat actor behind Roaming Mantis only targets routers made by a well-known South Korean network equipment manufacturer that is situated in that country.
Researchers have been tracking the Roaming Mantis malware distribution and credential theft campaign since September 2022. The campaign uses an updated version of the Android malware Wroba.o/XLoader to identify susceptible Wi-Fi routers based on their model and modify their DNS settings.
Once the router's DNS settings have been altered, all Android devices connected to the Wi-Fi network are redirected to the malicious landing page and prompted to install the malware. Consequently, there is a steady flow of infected devices that can penetrate secure Wi-Fi routers on national public networks that serve a huge number of users.
The attacks use smishing messages as their primary intrusion vector to deliver a booby-trapped URL that, depending on the mobile device’s operating system, either provides a malicious APK or directs the user to phishing URLs.
Even though the

[…]

This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents