Malicious bug can steal credentials and take full control of smartphones, Kaspersky reports
A new malware distributed through a domain name system (DNS) method is targeting Android smartphones, particularly those in Asia.
The malicious bug – dubbed ‘Roaming Mantis’ – can steal users’ credentials and allow attackers to take complete control over the device.
It was discovered by Kaspersky Lab researchers, who revealed that the malware was present in 150 networks between February and April 2018.
The unknown attackers spread the bug by compromising vulnerable routers and hijacking the DNS settings.
Once the router is infected, any user connected to the network will be redirected to a genuine-looking URL.
But this URL is actually a malicious site hosted on the attacker’s server, and contains a request asking the mobile phone user to update to the latest version of Google Chrome.
If the user accepts, a trojan is downloaded which contains the backdoor.
The malware steals credentials, such as those used for two-factor authentication, and allows control.
Researchers also discovered references to banking information in the malware code, leading them to believe the attackers are financially motivated.
They also discovered that the malware is mainly being spread across Asia and supports four languages: English, Korean, simple Chinese, and Japanese.
Kaspersky Lab Japan researchers advised Android users to verify their routers have not been infected and also to change the default login and password for their router.
It also advised to regularly update a router’s firmware from an official source, and not to use third-party repositories for Android devices.
Suguru Ishimaru, researcher at Kaspersky Lab Japan, said: “There appears to be considerable motivation behind these attacks, and we need to raise awareness so that people and organizations can better recognize the threat.
“The use of infected routers and hijacked DNS highlights the need for robust device protection and the use of secure connections.”
