Roaming Mantis Spreading Mobile Malware That Hijacks Wi-Fi Routers' DNS Settings
2023-01-20 16:33

Threat actors associated with the Roaming Mantis attack campaign have been observed delivering an updated variant of their signature mobile malware, known as Wroba, to infiltrate Wi-Fi routers and carry out Domain Name System (DNS) hijacking.

Kaspersky, which analyzed the malicious artifact, said the DNS hijacking feature is designed to target specific Wi-Fi routers located in South Korea.

Some compromises have also leveraged Wi-Fi routers as a means to take unsuspecting users to a fake landing page by using a technique called DNS hijacking, in which DNS queries are manipulated in order to redirect targets to bogus sites.

The latest update to Wroba, per the Russian cybersecurity company, involves a DNS changer function that's engineered to detect certain routers based on their model numbers and poison their DNS settings.

"The new DNS changer functionality can manage all device communications using the compromised Wi-Fi router, such as redirecting to malicious hosts and disabling updates of security products," Kaspersky researcher Suguru Ishimaru said.

"Users with infected Android devices that connect to free or public Wi-Fi networks may spread the malware to other devices on the network if the Wi-Fi network they are connected to is vulnerable," the researcher said.


News URL

https://thehackernews.com/2023/01/roaming-mantis-spreading-mobile-malware.html

Related vendor

| VENDOR | LAST 12M | #/PRODUCTS | LOW | MEDIUM | HIGH | CRITICAL | TOTAL VULNS |
|---|---|---|---|---|---|---|---|
| Mantis | | 1 | 1 | 21 | 9 | 3 | 34 |