Kaspersky Lab cybersecurity researchers have found a new Android malware that is designed to affect smartphones through a very simple and efficient trick based on domain name system (DNS) hijacking technique.
The malware is dubbed as a Roaming Mantis, which is very active and is used to steal all the important credentials of the users. It provides attackers full control over the compromised victim's device.
According to the investigation by Kaspersky Lab the malware target users in Asia with fake websites customized for English, Korean, Simplified Chinese and Japanese. The users in Bangladesh, Japan, and South Korea are infected the most.
“Our research revealed that the malware (sic) contains Android application IDs for popular mobile banking and game applications in South Korea. The malware is most prevalent in South Korea, and Korean is the first language targeted in HTML and test.dex. Based on our findings, it appears the malicious app was originally distributed to South Korean targets. Support was then added for Traditional Chinese, English, and Japanese, broadening its target base in the Asian region.”
However, the researchers were unable to find the method by which routers are compromised.
If the users DNS is successfully hijacked, then access to any genuine website become impossible and it leads them to a URL that is forged with content coming from the attackers' server.
This includes the request: "To better experience the browsing, update to the latest chrome version".
Kaspersky Lab has recommended some of the ways by which you can protect your internet connection from this infection:
- Refer to your router's user manual to verify that your DNS settings haven't been tampered with or contact your ISP for support.
- Change the default login and password for the admin web interface of the router.
- Never install router firmware from third-party sources. Avoid using third-party repositories for your Android devices.
- Regularly update your router's firmware from the official source.