CIO News Hubb
Advertisement
  • Home
  • News
  • Operations CIO
  • Visionary CIO
  • IT Management
  • Information Security
  • Contact
No Result
View All Result
  • Home
  • News
  • Operations CIO
  • Visionary CIO
  • IT Management
  • Information Security
  • Contact
No Result
View All Result
CIO News Hubb
No Result
View All Result
Home Information Security

Roaming Mantis Spreading Mobile Malware That Hijacks Wi-Fi Routers’ DNS Settings

admin by admin
January 20, 2023
in Information Security


Jan 20, 2023Ravie LakshmananNetwork Security / Mobile Hacking

Threat actors associated with the Roaming Mantis attack campaign have been observed delivering an updated variant of their patent mobile malware known as Wroba to infiltrate Wi-Fi routers and undertake Domain Name System (DNS) hijacking.

Kaspersky, which carried out an analysis of the malicious artifact, said the feature is designed to target specific Wi-Fi routers located in South Korea.

Roaming Mantis, also known as Shaoye, is a long-running financially motivated operation that targets Android smartphone users with malware capable of stealing bank account credentials as well as harvesting other kinds of sensitive information.

Although primarily targeting the Asian region since 2018, the hacking crew was detected expanding its victim range to include France and Germany for the first time in early 2022 by camouflaging the malware as the Google Chrome web browser application.

The attacks leverage smishing messages as the initial intrusion vector of choice to deliver a booby-trapped URL that either offers a malicious APK or redirects the victim to phishing pages based on the operating system installed in the mobile devices.

Wi-Fi Routers' DNS Settings

Alternatively, some compromises have also leveraged Wi-Fi routers as a means to take unsuspecting users to a fake landing page by using a technique called DNS hijacking, in which DNS queries are manipulated in order to redirect targets to bogus sites.

Regardless of the method used, the intrusions pave the way for the deployment of a malware dubbed Wroba (aka MoqHao and XLoader) that’s capable of carrying out a slew of nefarious activities.

The latest update to Wroba, per the Russian cybersecurity company, involves a DNS changer function that’s engineered to detect certain routers based on their model numbers and poison their DNS settings.

“The new DNS changer functionality can manage all device communications using the compromised Wi-Fi router, such as redirecting to malicious hosts and disabling updates of security products,” Kaspersky researcher Suguru Ishimaru said.

The underlying idea is to cause devices connected to the breached Wi-Fi router to be redirected to web pages controlled by the threat actor for further exploitation. Given that some of these pages deliver the Wroba malware, the attack chain effectively creates a steady stream of “bots” that can be weaponized to break into healthy Wi-Fi routers.

It’s notable that the DNS changer program is exclusively used in South Korea. However, the Wroba malware in itself has been spotted targeting victims in Austria, France, Germany, India, Japan, Malaysia, Taiwan, Turkey, and the U.S. via smishing.

“Users with infected Android devices that connect to free or public Wi-Fi networks may spread the malware to other devices on the network if the Wi-Fi network they are connected to is vulnerable,” the researcher said.

Found this article interesting? Follow us on Twitter  and LinkedIn to read more exclusive content we post.





Source link

Tags: computer securitycyber attackscyber newscyber security newscyber security news todaycyber security updatescyber updatesdata breachhacker newshacking newshow to hackinformation securitynetwork securityransomware malwaresoftware vulnerabilitythe hacker news
Previous Post

Fall 2022 SOC reports now available in Spanish

Next Post

Initiativesofbusinessarchitecture ~ Future of CIO

Related Posts

Information Security

New Russian-Backed Gamaredon’s Spyware Variants Targeting Ukrainian Authorities

by admin
February 2, 2023
Information Security

AWS achieves ISO 20000-1:2018 certification for 109 services

by admin
February 2, 2023
Information Security

Everything you need to know

by admin
February 2, 2023
Information Security

Researchers Uncover New Bugs in Popular ImageMagick Image Processing Utility

by admin
February 1, 2023
Information Security

How to set up ongoing replication from your third-party secrets manager to AWS Secrets Manager

by admin
February 1, 2023
Next Post

Initiativesofbusinessarchitecture ~ Future of CIO

Recommended

Initiatetogoapproach

February 2, 2023

New Russian-Backed Gamaredon’s Spyware Variants Targeting Ukrainian Authorities

February 2, 2023

AWS achieves ISO 20000-1:2018 certification for 109 services

February 2, 2023

Everything you need to know

February 2, 2023

Influentialleadership ~ Future of CIO

February 1, 2023

Researchers Uncover New Bugs in Popular ImageMagick Image Processing Utility

February 1, 2023

© 2022 CIO News Hubb All rights reserved.

Use of these names, logos, and brands does not imply endorsement unless specified. By using this site, you agree to the Privacy Policy and Terms & Conditions.

Navigate Site

  • Home
  • News
  • Operations CIO
  • Visionary CIO
  • IT Management
  • Information Security
  • Contact

Newsletter Sign Up

No Result
View All Result
  • Home
  • News
  • Operations CIO
  • Visionary CIO
  • IT Management
  • Information Security
  • Contact

© 2022 CIO News Hubb All rights reserved.